GSM (Cell Phone) Encryption Cracked

Source: PC World

The unveiling of a GSM (Global System for Mobile Communications) encryption codebook compiled by a German security researcher and his team of collaborators lowers the bar significantly for the amount of money and technical expertise required to listen in on a GSM-based mobile phone call. More importantly, it illustrates just how old the current GSM encryption is and demonstrates why it's time for an upgrade.

Law enforcement officials and well-financed cyber criminals have been able to crack GSM encryption for sometime, but the investment was so high that it didn't pose much of a threat. This new method lowers the price of entry to the point that it is more of an issue, but still not a high risk.

Karsten Nohl announced that he and his team have compiled 2 terabytes worth of GSM encryption data. PC World's Robert McMillan explains that the results are like "cracking tables that can be used as a kind of reverse phone-book to determine the encryption key used to secure a GSM (Global System for Mobile communications) telephone conversation or text message."

GSM is the most widely-used mobile phone technology in the world--accounting for over 80 percent of the world's 4.3 billion mobile phones. The encryption algorithm that protects GSM-based calls from being intercepted and eavesdropped is more than twenty years old, though

Read more: http://www.pcworld.com/businesscenter/article/185552/gsm_encryption_cracked_showing_its_age.html

---

Still not a high risk? Karsten Noh said a 'gaming' PC could decode an entire conversation in a few minutes. Put together a grid of about 30 Xeons and you can listen live.

More to the point, a more secure version, 128-bit A5/1 has been held up by Telco's for years, ostensibly because of the cost of upgrades. Beyond that, the entire GSM algorithm is ancient. AES 256 bit, the standard on most wireless set ups, was readily available in 2003 but for some reason, consumers have been denied up to date security. No Such Agency.

my burrito orders are NOT public information! :wtf:

:hide:

Tiger? Is that you?

Considerable work was required to secure Obama's Blackberry.

oh crap. I'm done for. :hide:

... "extra chipotle" with your "chimichanga."

... I wish I knew :)

They could tap in on the wireless provider side after the data has been decrypted. I doubt they waste much time trying to eavesdrop on the over-the-air transmission when a much easier and reliable method is available.

it will monitor your call. Mostly, they're not interested, unless your call is going to or coming from a number they're interested in.

AES is the US Military Standard.

They've been unencrypting stuff for decades. They're very, very good at it. It's their business.

I can't go into any further detail, though.

"Your phone is not secure, any teenager with a couple dozen computers can hack into it. Now, buy the most secure phone in the world, the Blackberry Vault for only five hundred dollars. Your secure phonesex is worth it."

And people will buy it, just like the suckers they are.

The big bucks lie in upgrading THEIR networks, including each and every tower.

pick anything out, they're dumped forthwith. If something is flagged, they're stored, or looked at by a human, who dumps them about 99.99% of the time.

In general, your digital communications are of little to no interest to anybody, even the recipients, in most cases.

once you type something in a keyboard, assume it is no longer secure, IMHO

at least most of it is.

Make NSA want to pull their hair out. :)