Cellphone security revealed

2009-12-30 22:24

kalahari.com

  • Online Privacy
    This text provides a comprehensive yet easy-to-understand investigation of the history of and... Now R652.00
    buy now

Frankfurt - A German security expert has raised the ire of the cellphone industry after he and a group of researchers posted online a how-to guide for cracking the encryption that keeps the calls of GSM-standard cellphone users secret.

Karsten Nohl, 28, told The Associated Press this week that he, working with others online and around the world, created a codebook showing how to get past the GSM encryption used to keep conversations on more than 3 billion mobile phones safe from prying ears.

Nohl said the purpose was to push companies to improve security. The collaborative effort put the information online through file-sharing sites.

"The message is to have better security, not we want to break you," he said of the move. "The goal is better security. If we created more demand for more security, if any of the network operators could use this as a marketing feature... that would be the best possible outcome."

GSM, the leading cell phone technology around the world, is used by several wireless carriers in the US, with the largest being AT&T Inc and T-Mobile USA (South Africa also uses the GSM standard). Verizon Wireless and Sprint Nextel Corp. use a different standard.

The GSM Association, a trade group that represents nearly 800 wireless operators, said it was mystified by Nohl's rationale.

Claire Cranton, a spokesperson for the London-based group, said that "this activity is highly illegal in the UK and would be a serious RIPA offense as it probably is in most countries." RIPA, or the Regulation of Investigatory Powers Act, is a British law governing the interception of user logs and e-mails of suspected criminals by security and intelligence agencies.

It has already been possible to intercept GSM calls, but the equipment is generally only available to law enforcement. Regular wiretapping of cellular calls is also possible, since they travel unencrypted over standard wiring after being picked up by a cell tower. As a result, terrorists or criminals may talk in code and use prepaid phones they then discard.

Even with Nohl's exploit, expensive and sophisticated radio equipment placed close to the target is required to pull the calls off the air.

Sujeet Shenoi, a professor of computer science at the University of Tulsa in Oklahoma, said that while the code-breaking guide raises privacy issues, his main concern is that organised crime will take advantage of it to make money, perhaps by eavesdropping on transactions between consumers and merchants.

"It's a shot across the bow" of the wireless industry, he said.

Nohls' effort undermines the 21-year-old algorithm used to ensure the privacy of phone calls made on GSM (global system for mobile communication) cell phone networks.

That algorithm, dubbed the A5/1 and made up of 64-bit binary code, was adopted in 1988. Since then 128-bit codes have been implemented to ensure caller privacy on newer, third-generation networks. The GSM Association has developed the A5/3 algorithm, which it says is gradually being phased in to replace A5/1.

"The GSMA heads up a security working group which looks at all issues of security and this isn't something that we take lightly at all," Cranton wrote in an e-mail to the AP. "We have a new security algorithm that is being phased (in), as the protection and privacy of customer communications is at the forefront of operators' concerns."

Nohl, who holds a doctorate in computer engineering from the University of Virginia, said that going from a 64-bit code to 128-bit code "makes it some quintillion times more difficult" to crack.

He said the codebook was compiled and posted online not for malicious intent but as a call to the cell phone industry to improve the level of security for those who use GSM phones that are found worldwide and offered through numerous network providers.

"Being security researchers one thing we can do, and what we choose to do in this case, is to show how it can be done," he told the AP on Tuesday by telephone.

"We have created a tool, a codebook, that's used to decrypt GSM packs, or the GSM encryptions," he added, noting that with the codes phone calls could be recorded using a high-end PC, a radio and some software.

"In GSM this flaw was pointed out 15 years ago and 15 years seems long enough for the cypher to be replaced with something else. No one uses a phone that is 15 years old," Nohl said. "If they had taken steps they could have replaced everything three time times over."

Nohl made the announcement on Sunday at the Chaos Communication Congress in Berlin, a four-day event that ends on Wednesday.

While there has been criticism, there is also some faint praise and admiration for the effort.

"We're familiar with his work. It's proper stuff," said Simon Bransfield-Garth, chief executive of London-based Cellcrypt, which sells software to keep mobile phones secure.

"People have been trying to crack GSM for a long time," Bransfield-Garth told AP. "I think the science behind it is pretty sound," he added. "Whether putting it in the public domain was wise, is an entirely different debate."

- AP
Read more on:    online privacy  |  mobile
NEXT ON NEWS24X
SHARE:

Read News24’s Comments Policy

 

Inside News24

 
/Fashion
 

6 life hacks you simply have to know

A few simple tricks can make your life so much easier!

 
 

For chic geeks...

Device lets disabled people talk through their nose
It’s THIS easy for someone to steal your ATM pin!
This is why you should install iOS 8
17 photo illusions that look so real

Jobs in Cape Town [change area]

Property [change area]

Travel - Look, Book, Go!

Magical Massinga

Spend 5 nights at the gorgeous Massinga Beach Lodge in Mozambique and only pay for 4 from R13 220 per person sharing. Includes return flights, accommodation, transfers and romantic turndown. Book now!

Kalahari.com - shop online today

Pre-order your iPhone 6 at kalahari.com

Hurry and pre-order your own iPhone 6 now at SA’s favourite online store!

Bargain box – 60% off

Reduced prices, very limited stock. While stocks last. Hurry and shop now!

Mind blow low prices on electronics

Get either the Prestigio multiphone or Proline tablet 7” tablet for only R699. Offers valid while stocks last. Shop now!

30% off Barbie toys

Save 30% on all Barbie toys and accessories. Offer valid while stocks last. Shop now!

Baby extravanganza month at kalahari.com

Celebrate baby month with a wide range of awesome baby products. Offers valid while stocks last. Shop now.

OLX Free Classifieds [change area]

Samsung Galaxy s4

Mobile, Cell Phones in South Africa, Western Cape, Cape Town. Date October 24

Best bargain in big bay

Real Estate, Houses - Apartments for Sale in South Africa, Western Cape, Cape Town. Date October 25

VW Golf 6, 1.6 Trendline (Excellent condition)

Vehicles, Cars in South Africa, Western Cape, Cape Town. Date October 25

Horoscopes
Aquarius
Aquarius

Your sense of duty is emphasized and you may put your heart and soul into helping, serving and being there for the community in a...read more

There are new stories on the homepage. Click here to see them.
 
English
Afrikaans
isiZulu

Hello 

Create Profile

Creating your profile will enable you to submit photos and stories to get published on News24.


Please provide a username for your profile page:

This username must be unique, cannot be edited and will be used in the URL to your profile page across the entire 24.com network.

Settings

Location Settings

News24 allows you to edit the display of certain components based on a location. If you wish to personalise the page based on your preferences, please select a location for each component and click "Submit" in order for the changes to take affect.








Facebook Sign-In

Hi News addict,

Join the News24 Community to be involved in breaking the news.

Log in with Facebook to comment and personalise news, weather and listings.