GSM 64-bit encryption standard cracked and posted to web

Karsten Nohl - who along with fellow researcher Henryk Plotz - hit the headlines two years ago when he publicly revealed how the MiFare encryption system worked.

Nohl announced his findings at the annual Chaos Computer Club conference in Germany this week. Ironically, it was at the same conference two years ago that Nohl startled the encryption community with his MiFare findings.

The 64-bit A5/1 crypto standard was developed in the late 1980s in preparation for the first GSM digital phones when they appeared in the early 1990s.

The good news is that the ageing standard - on which an estimated 80% of the world's mobile phones are based - is due to be phased out in favour of the 128-bit A5/3 crypto system, although few mobile carriers yet support this standard.

The publication of the 64-bit crypto tables means a lot more than the possibility that GSM calls can be eavesdropped, however, as - in theory at least - a hacker could `tumble' the required ID codes of legitimate calls from the airwaves, and then generate a fraudulent call using this data.

The task for a would-be mobile hacker is not an easy one, however. Nohl and a team of 24 other researchers were involved in the cracking and compilation of the two terabyte code book.

Add in the fact that the code book is being offered via the BitTorrent file-sharing system - which means a download could take a significantly long time - and we suspect the mobile carriers won't be overly concerned.

What’s Hot on Infosecurity Magazine?