Mobile Phone Calls Can Now Be Intercepted By Anyone With Enough Money

Published on 07 January 2010 by Stan Shyshkin in Security News

wiretapping 300x225 Mobile Phone Calls Can Now Be Intercepted By Anyone With Enough Money Computer security researchers say that GSM phones (which make up about 80% of the mobile phone market) can be listened in on by anyone with a few thousand dollars worth of hardware and some free open-source tools.

This Sunday at the Chaos Communication Conference in Berlin, Karsten Nohl unveiled his discovery and invention: the “cracking tables”, which is a 2 terabyte code that can be used to determine the encryption key to a secure GSM (Global System for Mobile communications) telephone conversation or text message. Meaning that with this code anyone with enough hardware can intercept a call or text message from a GSM mobile phone.

While Nohl didn’t create a GSM-cracking device (which would be illegal in most countries, including the U.S.) he used the information that had been common knowledge in most academic circles to make it usable. He also says that the flaw that allows calls and texts to be intercepted is the 20-year-old encryption algorithm used by most carriers. It’s a 64-bit cipher called A5/1 and it is simply too weak, according to Nohl. Using his cracking tables, antennas, specialized software, and about $30,000 worth of computing hardware to break the cipher, anyone can crack the GSM encryption in real time and listen in on calls.

The reason that this is only now coming to our attention is that even discussing wiretapping tools can be illegal in the U.S. and most researchers never risked researching the subject. But after hiring lawyers to consult with the Electronic Frontier Foundation, Nohl and his collaborators set upon exposing the flaws in the GSM system without –they believe — breaking the law. Even though Nohl didn’t create a device that would be able to intercept the calls, he says that a technically sophisticated hacker could figure it out, and has probably already done so.

“I certainly use my phone differently than before, trying to keep confidential calls on encrypted lines instead” said Karsten Nohl.

To deal with the security threat with the old GSM phones, GSM Association said that they will look into the researcher’s claims and that they have developed a next-generation standard for GSM phones called the A5/3, which is considered to be much more secure then the old A5/1. It is the same type of encryption that is already being used on 3G networks to carry Internet traffic.

(Via ComputerWorld)