Secret GSM mobile phone code cracked; more than 3b people vulnerable to having calls intercepted

“Computer hackers this week said they had cracked and published the secret code that protects 80 per cent of the world’s mobile phones. The move will leave more than 3bn people vulnerable to having their calls intercepted, and could force mobile phone operators into a costly upgrade of their networks,” Maija Palmer reports for The Financial Times.

“Karsten Nohl, a German encryption expert, said he had organised the hack to demonstrate the weaknesses of the security measures protecting the global system for mobile communication (GSM) and to push mobile operators to improve their systems,” Palmer reports. “‘This shows that existing GSM security is inadequate,’ Mr Nohl told an audience of about 600 people at the Chaos Communication Congress in Berlin, a four-day conference of computer hackers.”

“‘We have given up hope that network operators will move to improve security on their own, but we are hoping that with this added attention, there will be increased demand from customers for them to do this,’ he told the Financial Times,” Palmer reports.

“The hacked GSM code could compromise more than 3bn people in 212 countries,” Palmer reports. “It does not affect 3G phone calls, however, which are protected by a different security code.”

“The GSM Association, the industry body for mobile phone operators, which devised the A5/1 encryption algorithm 21 years ago, said they were monitoring the situation closely,” Palmer reports. “‘We are concerned but we don’t believe it will result in widespread eavesdropping tomorrow, or next week or next month,’ said James Moran, security director of the GSMA.”

Full article here.

[Thanks to MacDailyNews Reader “Fred Mertz” for the heads up.]

27 Comments

  1. I heard the guy being interviewed. He only showed what others have been exploiting for some time, so this guy is actually doing everyone a service. Now they will have to devise a better encryption scheme.

  2. @ stucktrader;

    Since you’re obviously also stuck under a rock, let me point out to you what nearly everyone else on planet earth already knows.

    Apple shopped other carriers.
    Other carriers declined Apple.
    Apple went where they could.
    Everyone else said “no”.
    Apple gave other carriers a shot at it.
    Other carriers did not want iPhone.

    Got it yet?

    I typed that as slow as I could, so take your time reading it- And maybe, just maybe, it’ll sink into your skull.

  3. Sixvodkas
    Show me the links or where to find this information? Totally hearsay. Apple has never published any of the stuff you are writing about.

    I’m skeptical! I’d like to see proof of the five year deal ATnT has. Show me please.

  4. Apple shopped other carriers? I don’t think so. Try ONE carrier, Verizon. There are no reports to indicate otherwise.

    Apple didn’t approach every carrier because Steve wanted a big fat deal with one of the two largest that could afford to pull it off, Verizon or ATT. If that’s what he felt was necessary to successfully execute his vision then fine, I won’t knock it since I love the results. But we can’t say that Sprint, T-Mobile, Alltel (now Verizon) etc. turned down the iPhone.

  5. Let’s get serious here, folks. Only ATT and Verizon could POSSIBLY have handled the data (not to mention financial) load the iPhone brings to the table.

    Sprint? T-Mobile? Alltel? Get real. None of them could have even begun to support what Steve had in mind. Perhaps all of them TOGETHER and ALL AT ONCE could, you say? Yeah, great idea. Let’s troubleshoot the entire world of telecommunications with a revolutionary new device at the same time; that shouldn’t be too hard.

    What we have here (as much as you may hate it) is–and was–the best of all possible worlds at the time (with apologies to Monsieur Voltaire).

  6. Inquiring minds want to know, what the hell Steve Jobs was thinking when he chose Verizon first? What did he see in Verizon’s future that didn’t exist with GSM?

    All of the carriers, except Sprint, caved into the Bush Administration’s request to provide voice and data from American citizens. As far as I know, AT&T hasn’t shut down its infamous secret squirrel spy room in San Francisco.

    So what’s the difference? Whether it’s Verizon sharing your personal data with the government or your neighbor eavesdropping on your phone calls, nothing is sacred anymore.

    Remember when you’re surfing the web in the wee hours of the morning, you’re not alone, ever!

  7. “Inquiring minds want to know, what the hell Steve Jobs was thinking when he chose Verizon first?”

    Rumor has it that Steve was a Verizon customer and wanted the iPhone on what he personally felt was the best wireless network.

  8. Talk about sensationalist story openings: “Computer hackers this week…”
    Now “German encryption expert” = “hacker”. Is Ms Palmer merely trying to be a hit-whore? Oh, that’s right. Her position as a blogger at FT requires hits. I get it.

    Nohl’s research is the culmination of several years of work by a number of respected cryptographers. Mainly, his contribution was generating a large table collating keys to make searching the keyspace a trivial lookup. The weaknesses in A5/1 (and potentially in A5/3) encryption have been well-known for over 5 years. This “security via obscurity” crap just never works. Just ask Micro$oft? (ROFLMA.)
