Syber News

It is evident from the recent Predator drone hacking that the only way to protect over-the-air transmissions is some sort of encryption. Meanwhile, eighty percent of the world's phones are GSM-based, meaning, they use SIMs and operate on networks like the U.S.'s AT&T and T-Mobile, but on Monday a German security expert announced that he and a group of contributors had broken the primary encryption code protecting GSM phone calls.

Karsten Nohl made the statement to a group of hackers at the Chaos Communication Congress. The Congress is a four-day event held in Berlin. He said, "This shows that existing GSM security is inadequate. We are trying to push operators to adopt better security measures for mobile phone calls.”

Nohl also added that the "code book" for the algorithm is available online now, via services such as BitTorrent. While he didn't provide a link for the document, just saying it's available as a torrent will be enough for most.

The current GSM encryption scheme is known as the A5/1 standard, based on a 64-bit encryption scheme. The more bits, the harder to crack, and a newer specification based on 128-bit encryption called A5/3 has been available since 2007. However, few network operators upgraded to the new system.

In response, spokespeople for the GSM Association pooh-poohed the issue. They said that operators, by simply modifying the existing algorithm, could prevent any unintended surveillance, and that actually "listening in" would be a complex operation at any rate, including a radio receiver system and signal processing software to process raw radio data.

Others were not so quick to dismiss the dangers. Simon Bransfield-Garth, the CEO of Cellcrypt, a company based in London, said this information could put sophisticated mobile interception technology — limited to governments and intelligence agencies — within the reach of “any reasonable well-funded criminal organization.”

However, other security experts disagree, saying the crack now puts mobile interception of the majority of non-3G cellphone calls within reach of “any reasonable well-funded criminal organization. This will reduce the time to break a GSM call from weeks to hours. We expect as this further develops it will be reduced to minutes.” GSM phones encompass approximately 80 percent of the world's cell phones.