
Hacker Cracks GSM Cell Phone 64-bit Encryption

Source: Tom's Guide US

The connection is made.

These days it seems like no form of digital communication is truly secure – but especially not one that is protected by a 21-year-old form of encryption.

Earlier this week, 28-year-old German computer engineer Karsten Nohl deciphered and published the GSM algorithm used to protect the privacy of 80 percent of mobile calls worldwide.

Nohl said that he broke and published the code not for nefarious purposes, but to encourage the uptake of a more secure system. Apparently, the GSM Association has had a 128-bit scheme since 2007, but the standard failed to attract the support of phone companies.

"This shows that existing G.S.M. security is inadequate," Mr. Nohl said, according to the New York Times. "We are trying to push operators to adopt better security measures for mobile phone calls."

"We are not recommending people use this information to break the law," Mr. Nohl added. "What we are doing is trying to goad the world’s wireless operators to use better security."

The encryption code is now available for public consumption on BitTorrent networks. While this development does make it easier for hackers to snoop in on phone calls, there's still a rather large barrier in trying to separate and isolate a single call stream from the many that pass through a single cell station.

Nevertheless, the communications world just got a little less private.


Comments

sliem 12/30/2009 6:07 PM
-6+

Funny pic.
Then, we need 1024bit encryption. Yeah.

njkid3 12/30/2009 6:23 PM
-14+

this will lead to a new verizon vs att commercial i just know it

snarfeck 12/30/2009 6:23 PM
-10+

so wait you want modern technology AND privacy? that's unpossible!

ckthecerealkiller 12/30/2009 6:42 PM
--2+

Still glad I have Verizon!

lifelesspoet 12/30/2009 6:59 PM
--3+

I'm still glad I have alltel.

Anonymous 12/30/2009 7:05 PM
-4+

and at&T is gsm... verizon is CDMA...

want to be hacked.. there's an app for that..

hakesterman 12/30/2009 7:13 PM
-18+

All Communication devices can be hacked, if you don't believe me contact the United States Military or the FBI, they do it all the time.

Shadow703793 12/30/2009 8:48 PM
-6+

hakesterman :
All Communication devices can be hacked, if you don't believe me contact the United States Military or the FBI, they do it all the time.


Yup. All consumer grade encryptions can be hacked given enough time and resources.

PS: With the advances in using GPUs to do calculations (ie CUDA/OpenCL,etc) it's quite possible to do a brute force attack cheaply now.

joebob2000 12/30/2009 8:57 PM
-2+

njkid3 :
this will lead to a new verizon vs att commercial i just know it



Yeah, I can see it now...

The verizon guy is sporting an ATT phone, saying "can you hear me now?"

A hundred guys with headphones and HAM antennas on their computers go "yep!" in unison.

Not that this should be a jab; I am sure CDMA is no more inherently advanced, it's merely got the Apple Effect going for it... less users means less of a target.

Wow, which band of fanbois will come after me first? I think this post won't be complete without a "OMG the WII SUX IT HAZ NO 1080Pzzz!!!!!1".

There. I feel better.

tester24 12/30/2009 9:00 PM
-0+

256bit encryption would be "good enough" for now

JohnnyLucky 12/30/2009 9:09 PM
-0+

Interesting development.

nisken 12/30/2009 9:13 PM
-5+

Not very well informed article. GSM is not even 64bits encryption but 56bits key, with, and here is the sensation.... the 16 high bits are all zeroes always... so the encryption key is really only 40bits to solve, That has been done realtime for the last 10-12 years or so... Security is like airports, only for show...

IzzyCraft 12/30/2009 11:29 PM
-0+

Screw all cellphone service providers, it's because of the people who just text or use the internet why my phone calls are just adequate compared to a land line. Because not enough people complain about the sound quality of their calls it's not high on the priority list, other crap that makes your cell phone more like a computer the and more like something you have to really worry about if it gets lost or stolen.

randoMIZER 12/31/2009 2:07 AM
-0+

It took 21 years for someone to crack the encryption and then publish this? That's pretty poor, those crackers need to work harder.

I guess my 9-year-old Nokia 3310 is no longer secure. Whatever will I do now that people can listen in on my conversation about what we're having for dinner the following night?

alikum 12/31/2009 2:23 AM
-0+

Let's get back to no encryption at all and demand for lower service fees!

byebye 12/31/2009 3:54 PM
-0+

"It took 21 years for someone to crack the encryption"
that is incorrect..
it took 18 years for it to be cracked (easily)...
it was at(and demonstrated) at the black hat conference 3 years ago.
took about 10 seconds to crack

necronic 12/31/2009 7:50 PM
-0+

Uhm, that's not how you alert people of serious security flaws. Tell them they exist, demonstrate your hack, but do NOT reveal the flawed code to the public like that, as you basically create the situation you think needs to be prevented, even if it is temporary.

And this isn't a small security issue, this is huge.

I kind of think he should be arrested for this.

randoMIZER 01/01/2010 1:07 AM
-0+

byebye :
"It took 21 years for someone to crack the encryption" that is incorrect.. it took 18 years for it to be cracked (easily)...


Right, and 18 years is a short period of time?

byebye 01/01/2010 9:35 PM
-0+

*to randomizer*
well it "recently" (last 7-10 years) became very popular...
hackers don't go after stuff that is not popular. aka Macs.
GSM was supposed to be "WIRED EQUIVALENT" (add the Protocol for yourself) and you get WEP and we all know how bad that is.

brendano257 01/02/2010 7:50 PM
-0+

Cheers to the guy who cracked it. But really, he should have contacted the companies privately to encourage the step up to 128bit encryption, or even given them a demonstration. Making the algorithm public seems like a bit of a stupid idea. Unless of course you want to force the companies to step up, which although it may work, it's still a bad idea to make that sort of thing public.

randoMIZER 01/03/2010 2:42 AM
-0+

brendano257 :
Cheers to the guy who cracked it. But really, he should have contacted the companies privately to encourage the step up to 128bit encryption, or even given them a demonstration.


While it's not public there's no threat and therefore no need for companies to invest in better tech. This is the only way forward.