Secret GSM mobile phone code cracked; more than 3b people vulnerable to having calls intercepted

Year-End Clearance & Tax Saving Sale “Computer hackers this week said they had cracked and published the secret code that protects 80 per cent of the world’s mobile phones. The move will leave more than 3bn people vulnerable to having their calls intercepted, and could force mobile phone operators into a costly upgrade of their networks,” Maija Palmer reports for The Financial Times.

“Karsten Nohl, a German encryption expert, said he had organised the hack to demonstrate the weaknesses of the security measures protecting the global system for mobile communication (GSM) and to push mobile operators to improve their systems,” “‘This shows that existing GSM security is inadequate,’ Mr Nohl told an audience of about 600 people at the Chaos Communication Congress in Berlin, a four-day conference of computer hackers.”

“‘We have given up hope that network operators will move to improve security on their own, but we are hoping that with this added attention, there will be increased demand from customers for them to do this’ he told the Financial Times,” Palmer reports.

“The hacked GSM code could compromise more than 3bn people in 212 countries,” Palmer reports. “It does not affect 3G phone calls, however, which are protected by a different security code.”

“The GSM Association, the industry body for mobile phone operators, which devised the A5/1 encryption algorithm 21 years ago, said they were monitoring the situation closely,” Palmer reports. “‘We are concerned but we don’t believe it will result in widespread eavesdropping tomorrow, or next week or next month,’ said James Moran, security director of the GSMA.”

Full article here.

[Thanks to MacDailyNews Reader “Fred Mertz” for the heads up.]

27 Comments

  1. @Silverhawk

    Is the massive subsidy on the iPhone not enough proof for you that AT&T;has a long-term exclusivity deal? If they didn’t have it, they wouldn’t offer such a steep discount.

  2. @Sixvodkas

    Stucktrader makes a very valid point, which everybody seems to ignore, because he also happened to include “AT&T” in his message.

    The point is:
    What an excellent way to promote 3G !!!

    Forget Verizon with its archaic CDMA scheme, but there still are many operators around that are still in the EDGE era. (2.5G?)

  3. Well when you get a whole team of geeks/hackers together to try to decode an algorithm of course it’s gonna break! Every security system ever devised by man is susceptible to being broken, given enough time or resources.

    Would anyone have tried to do this hack without this guy organizing them?

  4. @ Chris

    There’s an entire realm of research called “cryptology” with a branch called “cryptanalysis.” (I’ve given talks and published papers on breaking AES myself.) It’s not a “team of geeks/hackers.” These are the people that make the advances in the field and discover weaknesses in current systems. Would rather leave it to the criminals?

  5. I work in a very secretive industry. We have been aware of our cell phones being compromised since the early 90s. We not only use highly encrypted satphones for sensitive calls, we’ve been spying on the competition’s cell phone calls for years.

    CDMA network calls have been compromised for years. 3G network calls are being compromised right now. Landline calls can be compromised with or without a court order. If you need the information, you can get it for a price.

  6. Stolen phone message:

    ME: “Hi hon, I’m leaving work.

    SHE: “Pick up dinner, okay?”

    ME: “Taco Bell or Subway?

    SHE: “It’s Taco Tuesday!”

    ME: “Alright, I’ll get the usual. See you soon.”

    SHE: “Bye”

    Anyone that wants to listen to that sort of stuff is welcome to eavesdrop.

  7. @vanfruniken

    You said “Forget Verizon with its archaic CDMA scheme”

    Are you a total moron? LMAO!

    CDMA is the basis for ALL 3G technologies as well as LTE…. GSM is the truly archaic technology! It is based on TDMA! How ancient is that?

    and don’t get me started no the pathetic GPRS Packet core network…. At least CDMA2000 networks use Mobile IP straight from the phone right into the PDSN. So therefore, none of the delays inherent in a GPRS packet core network…. talk about archaic!

    BTW, 2G CDMA networks are unaffected from this hack as well… inherently better security has always been one of the benefits of CDMA technology.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.