Forgot your password?

GSM Encryption Cracked… Yet Again

berryreview-blackberry-ninjas Don’t run for the hills just yet but this is some important news. A German encryption guru, Karsten Nohl, decrypted and published the secret codebook for the 21 year old GSM encryption algorithm still used for 80% of GSM calls. This old A5/1 algorithm is a  64-bit binary code which was supposed to be phased out by a new 128-bit encryption code released in 2007. Still most carriers have not upgraded since they are already moving to 3G which has stronger encryption protocols.

This is not the first time that this GSM protocol has been cracked. It was first shown in 2008 that you could crack the encryption in 30 minutes with a $1,000 worth of equipment and in 30 seconds with $100,000 of equipment. (Hat tip to Will Park)

Keep in mind the encryption is only one step of the protection since it just opens up the torrent of information and is hard to snoop on a single conversation. Not sure who would want to listen to my phone calls anyway…

via New York Times

3 total comments on this postSubmit your comment!
  1. I still remember having a scanner in the early 90’s and hearing analog cellphone calls. They would cut in and out as the phones switched towers or channels, but I’d often hear the same people again and again (including one guy who for some reason used his cellphone at the crazy airtime rates back then to call a phone sex line several times a week…I guess the airtime per minute rates paled in comparison to the sex line rates).

    If you had a frequency counter you could determine the channel a particular person was on if you were close enough to them, and then go to that channel. Anyone could ‘tap’ a cellphone that way.

    That all changed once digital phones/networks came along, and was one of the reasons I finally got a cellphone in 1999 and chose a digital network even though it had less coverage.

    I still never discuss anything on a cellphone I wouldn’t want others to hear though.

  2. meh.

    the general public should be more fearful of the carriers and federal government constantly, actively, and legally monitoring your calls than of this. besides, if someone (other than the gov’t) is monitoring calls for dubious reasons, they’re listening for more important people with information more relevant to their interests.

    no one is wasting their time to listen in on your phone calls and hoping you’ll state your name, debit card number, expiration date, pin, security code, and date of birth, be it in a single call or gradually over days or weeks at a time. the effort to score ratio doing that is highly unprofitable and thus not worthwhile, unless you’re bill gates or steve jobs, etc.

    and btw, of the 2 major carriers using GSM in the US, only at&t is still using A5/1 in part of their network. t-mo’s whole network has been using A5/3 (128-bit) for over a year now.

    • While your point is no less valid I have to say that I give out requisite charge card info on my cellphone at least 3 times a week. I’d say such sensitive info is being transmitted a lot more often than you seem to think.

BlackBerry© is a registered Trademark of BlackBerry Limited. BerryReview is in no way affiliated with BlackBerry Limited though sometimes their lawyers send us love letters...

Copyright © 2007-‘2016’ BerryReview LLC