Hacker cracks GSM encryption

Watch what you say

A German security expert is claiming to have cracked the GSM encryption algorithm, making calls vulnerable to snooping.

Karsten Nohl says he has been able to listen in on conversations with equipment costing a few thousand dollars and a set of cracking tables which he and his team have compiled over the last six months.

Intercepting calls is illegal in many countries, including the US, and Nohl was careful not to actually release a cracking device. But, he says, “If you can work a BitTorrent client and a standard GNU build process then you can do it all, too.”

GSM is the most widely used mobile standard, accounting for about 3.5 billion of the world’s 4.3 billion wireless connections.

But the 21-year-old encryption algorithm – a 64-bit cipher called A5/1 – is simply not up to the job, says Nohl.

The encryption works through random channel-hopping across 80 different channels. But with a set of open source software tools, Nohl and his team were able to follow these frequency changes in real time.

The GSM Alliance’s more recent standard, A5/3, used for 3G networks, is rather more secure.