
GSM 64-bit encryption standard cracked and posted to web

30 December 2009

Mobile hardware vendors and carriers alike will have been less than pleased to learn that a German security researcher has not only cracked the GSM A5/1 encryption standard, but posted the resulting multi-terabyte decoded tables to the internet.

Karsten Nohl, along with fellow researcher Henryk Plotz, hit the headlines two years ago when he publicly revealed how the MiFare encryption system worked.

Nohl announced his findings at the annual Chaos Computer Club conference in Germany this week. Ironically, it was at the same conference two years ago that Nohl startled the encryption community with his MiFare findings.

The 64-bit A5/1 crypto standard was developed in the late 1980s in preparation for the first GSM digital phones, which appeared in the early 1990s.

The good news is that the ageing standard - on which an estimated 80% of the world's mobile phones are based - is due to be phased out in favour of the 128-bit A5/3 crypto system, although few mobile carriers yet support this standard.

The publication of the 64-bit crypto tables means a lot more than the possibility that GSM calls can be eavesdropped, however, as - in theory at least - a hacker could 'tumble' the required ID codes of legitimate calls from the airwaves, and then generate a fraudulent call using this data.

The task for a would-be mobile hacker is not an easy one, however. Nohl and a team of 24 other researchers were involved in the cracking and compilation of the two-terabyte code book.

Add in the fact that the code book is being offered via the BitTorrent file-sharing system - which means a download could take a significant amount of time - and we suspect the mobile carriers won't be overly concerned.

 


 
