Follow Us

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

Researcher plots downfall of GSM phone security

Give me 80 PCs and three months, says techie.

Article comments

A US-based researcher has published a new method of attacking the encryption used to secure GSM mobile phones that he believes will force networks to revise the current generation of call security.

Karsten Nohl of the University of Virginia used the the Hacking at Random (HAR) conference in the Netherlands two weeks ago to outline a method of brute-forcing the encryption keys at the heart of GSM's A5/1 security design in a tiny fraction of the time previously required. His motivation, he said, was to force the industry to improve GSM security.

The technique depends on algorithms of his own devising to generate a lookup table of these keys after number crunching using 80 powerful computers for about three months. According to Nohl, once such a project was completed, it would be possible for anyone to use the table to break into any GSM call or SMS message in nearly real time.

To put this advance into perspective, it was previously estimated that creating such a table would take 100,000 years on a single PC and require vast amounts of data to stand any chance of working. Although such resources are available to governments and agencies with money to throw at the problem, Nohl's technique could make GSM sniffing possible for anyone with the equipment necessary to access the call stream or data.

Nohl said he had decided to turn the project into an open source effort distributed as widely as possible not only to speed up the creation of the table but to reduce the possibility of legal interference by the mobile industry. Interested participants would each work on a specific portion of the table, uploading the completed data anonymously using BitTorrent.

"Clearly we are making the attack more practical and much cheaper, and of course there's a moral question of whether we should do that," Nohl was reported as saying in a third-party interview to CNET. "But more importantly, we are informing [people] about a longstanding vulnerability and hopefully preventing more systems from adopting this."

"This not just a one-off event, and is part of a process that has been going on for years," said Simon Bransfield-Garth, CEO of UK call encryption company, Cellcrypt, told Techworld. "It will only take a few months for people to build their own call tables." The problem was that, despite a string of theoretical attacks having been made public in recent years, the industry was still reluctant to change a security technology that dated back to 1987.

He believed that at the very least, companies with a need for call security would be inclined to turn to VoIP call encryption of the sort sold by his company, although he accepted that the main disadvantage of this was the need for expensive software on VoIP-capable phones at both ends of the conversation. Until the critical mass of VoIP improved, the vast majority of mobile phone users would have little choice but to rely on the security offered within GSM itself.



Share:

More from Techworld

More relevant IT news

Comments



Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Techworld White Papers

Choose – and Choose Wisely – the Right MSP for Your SMB

End users need a technology partner that provides transparency, enables productivity, delivers...

Download Whitepaper

10 Effective Habits of Indispensable IT Departments

It’s no secret that responsibilities are growing while budgets continue to shrink. Download this...

Download Whitepaper

Gartner Magic Quadrant for Enterprise Information Archiving

Enterprise information archiving is contributing to organisational needs for e-discovery and...

Download Whitepaper

Advancing the state of virtualised backups

Dell Software’s vRanger is a veteran of the virtualisation specific backup market. It was the...

Download Whitepaper

Techworld UK - Technology - Business

Innovation, productivity, agility and profit

Watch this on demand webinar which explores IT innovation, managed print services and business agility.

Techworld Mobile Site

Access Techworld's content on the move

Get the latest news, product reviews and downloads on your mobile device with Techworld's mobile site.

Find out more...

From Wow to How : Making mobile and cloud work for you

On demand Biztech Briefing - Learn how to effectively deliver mobile work styles and cloud services together.

Watch now...

Site Map

* *