After 21 years, the code that has kept the world’s GSM networks safe from interception has been broken. According to a 28 year old German cryptographer Karsten Nohl, speaking at a hacker conference in Berlin the Chaos Communication Congress, the encryption code has been deciphered.
Nohl and a group of cryptographers claim that they have broken and published the primary encryption code for GSM, using legal methods to break the A5/1 standard, and have made available a 'code book' of binary data that could be used to decipher the content of a call within hours or even minutes.
“This shows that existing GSM security is inadequate. We are trying to push operators to adopt better security measures for mobile phone calls,” he said.
The GSMA has dismissed Nohl’s claims as illegal as they overstated the security threat to wireless calls.
"GSM networks use encryption technology to make it difficult for criminals to intercept and eavesdrop on calls. Reports of an imminent GSM eavesdropping capability are common," a GSMA spokesperson said.
According to the hackers a simple attack can be achieved with a PC containing a medium-end graphics card, a large hard drive, two USRP2 receivers and channel-hopping software.
More elaborate setups that use a network of computers will be able to unlock calls almost instantaneously, Nohl said.
Weaknesses in A5/1 are widely known and in response mobile operators devised A5/3, an algorithm that requires a far more elaborate mathematical operation to break.
Nohl pointed out that despite estimates that some 40% mobile phones are capable of using the newer cipher, it has yet to be adopted.
"A5/3 is a better encryption algorithm and there has been a long-standing proposal to make this the preferred cipher in GSM. But no network operator with one exception that I'm aware of has started adopting A5/3 so far," he said.
The GSMA has publicly stated that it plans to transition to the new technology, but has yet to provide a timetable.