Computer security researchers say that GSM phones (which make up about 80% of the mobile phone market) can be listened in on by anyone with a few thousand dollars worth of hardware and some free open-source tools.
This Sunday at the Chaos Communication Conference in Berlin, Karsten Nohl unveiled his discovery and invention: the “cracking tables”, which is a 2 terabyte code that can be used to determine the encryption key to a secure GSM (Global System for Mobile communications) telephone conversation or text message. Meaning that with this code anyone with enough hardware can intercept a call or text message from a GSM mobile phone.
While Nohl didn’t create a GSM-cracking device (which would be illegal in most countries, including the U.S.) he used the information that had been common knowledge in most academic circles to make it usable. He also says that the flaw that allows calls and texts to be intercepted is the 20-year-old encryption algorithm used by most carriers. It’s a 64-bit cipher called A5/1 and it is simply too weak, according to Nohl. Using his cracking tables, antennas, specialized software, and about $30,000 worth of computing hardware to break the cipher, anyone can crack the GSM encryption in real time and listen in on calls.
“I certainly use my phone differently than before, trying to keep confidential calls on encrypted lines instead” said Karsten Nohl.