Page last updated at 11:45 GMT, Tuesday, 29 December 2009

Secret mobile phone codes cracked

By Jonathan Fildes
Technology reporter, BBC News

Man using mobile, BBC
Encryption is used on mobiles to stop eavesdropping

A German computer scientist has published details of the secret code used to protect the conversations of more than 4bn mobile phone users.

Karsten Nohl, working with other experts, has spent the past five months cracking the algorithm used to encrypt calls using GSM technology.

GSM is the most popular standard for mobile networks around the world.

The work could allow anyone - including criminals - to eavesdrop on private phone conversations.

Mr Nohl told the Chaos Communication Congress in Berlin that the work showed that GSM security was "inadequate".

"We are trying to inform people about this widespread vulnerability," he told BBC News.

"We hope to create some additional pressure and demand from customers for better encryption."

The GSM Association (GSMA), which devised the algorithm and oversees development of the standard, said Mr Nohl's work would be "highly illegal" in the UK and many other countries.

"This isn't something that we take lightly at all," a spokeswoman said.

Mr Nohl told the BBC that he had consulted with lawyers before publication and believed the work was "legal".

'Secret key'

Mobile phone
GSM encryption was first introduced in 1987

Mr Nohl, working with a "few dozen" other people, claims to have published material that would crack the A5/1 algorithm, a 22-year-old code used by many carriers.

The code is designed to prevent phone calls from being intercepted by forcing mobile phones and base stations to rapidly change radio frequencies over a spectrum of 80 channels.

It is known to have a series of weaknesses with the first serious flaw exposed in 1994.

Mr Nohl, who describes himself as an "offensive security researcher", announced his intention to crack the code at the Hacking at Random (HAR) conference in The Netherlands in August this year.

"Any cryptographic function is a one way street," he told BBC News. "You should not be able to decrypt without the secret key".

To get around this problem, Mr Nohl, working with other members of the encryption community, used networks of computers to crunch through "every possible combination" of inputs and outputs for the encryption code. Mr Nohl said there were "trillions" of possibilities.

It lowers the bar for people and organisations to crack GSM calls
Ian Meakin
Cellcrypt

All of the outputs are now detailed in a vast table, which can be used to determine the encryption key used to secure the conversation or text message.

"It's like a telephone book - if someone tells you a name you can look up their number," he said.

Using the codebook, a "beefy gaming computer and $3,000 worth of radio equipment" would allow anyone to decrypt signals from the billions of GSM users around the world, he said.

Signals could be decrypted in "real time" with $30,000 worth of equipment, Mr Nohl added.

'Not practical'

It has previously been possible to decrypt GSM signals to listen in on conversations, but the equipment cost "hundreds of thousands of dollars," experts said.

According to Ian Meakin, of mobile encryption firm Cellcrypt, only government agencies and "well funded" criminals had access to the necessary technology.

He described Mr Nohl's work as a "massive worry".

"It lowers the bar for people and organisations to crack GSM calls," he told BBC News.

"It inadvertently puts these tools and techniques in the hands of criminals."

However, the GSMA dismissed the worries, saying that "reports of an imminent GSM eavesdropping capability" were "common".

It said that there had been "a number" of academic papers outlining how A5/1 could be compromised but "none to date have led to a practical attack".

The association said that it had already outlined a proposal to upgrade A5/1 to a new standard known as A5/3 which was currently being "phased in".

"All in all, we consider this research, which appears to be motivated in part by commercial considerations, to be a long way from being a practical attack on GSM," the spokeswoman said.



Print Sponsor


SEE ALSO
Firefox for mobile ready to debut
22 Dec 09 |  Technology
4G network comes to Scandinavia
14 Dec 09 |  Technology
EU cracks down on mobile services
17 Nov 09 |  Technology
SonyEricsson debuts Android phone
03 Nov 09 |  Technology
Anti-wi-fi paint offers security
30 Sep 09 |  Technology
Worm attack bites at Apple iPhone
09 Nov 09 |  Technology
Tech Know: How to hack a handset
30 Oct 09 |  Technology

RELATED INTERNET LINKS
The BBC is not responsible for the content of external internet sites



FEATURES, VIEWS, ANALYSIS
Has China's housing bubble burst?
How the world's oldest clove tree defied an empire
Why Royal Ballet principal Sergei Polunin quit

BBC navigation

BBC © 2013 The BBC is not responsible for the content of external sites. Read more.

This page is best viewed in an up-to-date web browser with style sheets (CSS) enabled. While you will be able to view the content of this page in your current browser, you will not be able to get the full visual experience. Please consider upgrading your browser software or enabling style sheets (CSS) if you are able to do so.

Americas Africa Europe Middle East South Asia Asia Pacific