Karsten Nohl, a German computer engineer that published algorithms to secure wireless voice calls for mobile operators in 2009, is back to secure the next generations of sensitive data. This time, Nohl will help protect mobile phones’ Internet data, but first he had to prove to mobile providers just how insecure their encryption really is.
To do this, Nohl used an inexpensive, modified 7-year-old Motorola cellphone and several free software applications as his main and only interception tool. Once created, this cell phone was capable of scanning a 3.1 mile radius at a time to see all of the Internet data that phones in the area were sending. Nohl tested this tool in multiple European nations and has had much success with it. In fact, he found that he could easily breach and read all four of Germany’s mobile networks, and that most of Italy’s service providers didn’t use any encryption at all.
Seeing as his algorithms basically strip away all of the security on mobile Internet, leaving everything from personal messages to passwords and sensitive financial information exposed for the world to see, Nohl wants mobile operators to step up their security and is looking to do it fast. Although it sounds a bit harsh, the way that Nohl will force network operators to make this change is by releasing his algorithms to the world, making this update a necessity without which the mobile Internet will not be safe for use.
“We are releasing the software needed to reprogram cheap Motorola phones to become GPRS interceptors,” Nohl said. “This exposes operators with no encryption, like those in Italy, to immediate risk.”
Nohl says that this release will give mobile operators a few months to create the security update before other hackers learn how to use it for the same type of data interception. We hope that the network providers are swift enough to patch this up before mobile Internet becomes the equivalent of openly broadcasting all your personal information to the world.