Print 51 comment(s) - last by formulav8.. on Jan 5 at 1:56 PM

The cat's out of the bag -- after 28 years the 64-bit A5/1 algorithm that encrypts over 3.5 billion users' cell phone traffic, has been cracked and the results published.  (Source: Suldog)
Cell phone industry group calls the research "illegal"; insists that there is little threat

For 21 years, the same encryption algorithm, A5/1, has been employed to protect the privacy of calls under the Global Systems for Mobile communications (GSM) standard.  With the GSM standard encompassing 80 percent of calls worldwide (AT&T and T-Mobile use it within the U.S.) -- far more than the leading rival standard CDMA -- this could certainly be considered a pretty good run.  However, someone has finally deciphered and published a complete analysis of the standard's encryption techniques in an effort to expose their weaknesses and prompt improvement.

Karsten Nohl, a 28-year-old German native, reportedly cracked the code and has published his findings to the computer and electronics hacking community.  Mr. Nohl, who cites a strong interest in protecting the privacy of citizens against snooping from any party, says that his work showcases the outdated algorithms' flaws.

At the Chaos Communication Congress, a four-day conference of computer hackers that runs through Wednesday in Berlin, he revealed his accomplishments.  He describes, "This shows that existing GSM security is inadequate.  We are trying to push operators to adopt better security measures for mobile phone calls."

The GSM Association, the London-based group that developed the standard and represents wireless companies, was quick to blast the publication calling Mr. Nohl's actions illegal and counterintuitive to the desire to protect the privacy of mobile phone calls.  However, they insist that the publication in no way threatens the standard's security.

Claire Cranton, an association spokeswoman, confirmed that Mr. Nohl was the first to break the code, commenting, "[Security threats from the publication of this standard are] theoretically possible but practically unlikely.  What he is doing would be illegal in Britain and the United States. To do this while supposedly being concerned about privacy is beyond me."

Mr. Nohl attended college in the U.S. and received a PhD in computer engineering from the University of Virginia.  Via a similar publication, he managed to convince the DECT Forum, a separate standards group based in Bern, to upgrade its own security algorithm, improving the protection to the standard's 800 million customers in the process.

And while the trade group is only on yellow alert, some security experts disagree with the group's threat analysis, as well, saying the threat could be far more serious.  One expert suggested that calls may soon need to be scanned for malicious activity, much as an antivirus scanner works on a computer.

Stan Schatt, a vice president for health care and security at the technology market researcher ABI Research in New York, opines, "Organizations must now take this threat seriously and assume that within six months their organizations will be at risk unless they have adequate measures in place to secure their mobile phone calls."

The process of cracking the algorithm involved the help of 24 members of the Chaos Computer Club in Berlin, who helped generate the random combinations needed to try and reproduce the standard's code book, so to speak.  The vast log of binary combinations forms the basis of the A5/1 encryption -- and how to undo it.  And it's now on torrents worldwide.

Despite that, Mr. Nohl insists that his actions aren't illegal.  He says he took great precautions to make sure his work was kept purely academic, in the public domain, and that it was not used to crack any actual digital telephone calls.  He states, "We are not recommending people use this information to break the law.  What we are doing is trying to goad the world’s wireless operators to use better security."

A5/1 is a 64-bit security algorithm.  Despite this particular algorithm's run, 64-bit encryption is considered weaker by today's standards.  Today 128-bit algorithms are considered to be strong enough to protect most data.  The GSM Association has devised a 128-bit successor to A5/1, dubbed A5/3, but it has failed to push the standard out across much of the industry.

The Association claims that there's little danger of calls being intercepted as hackers would have to pick one call stream out of thousands at a cell phone tower.  They say that this would take prohibitively expensive sophisticated equipment and software.  Security experts disagree with this assessment -- including Mr. Nohl who pointed out that there was a wealth of open source software and cheap equipment to accomplish exactly those sort of objectives. 

Simon Bransfield-Garth, the chief executive of Cellcrypt, a company based in London that sells software, agrees, saying that the publications opens call interception to "any reasonable well-funded criminal organization".  He adds, "This will reduce the time to break a GSM call from weeks to hours.  We expect as this further develops it will be reduced to minutes."

Why is that a big deal?  Over 3.5 billion people use GSM worldwide, including 299 million in North America.

Comments     Threshold

This article is over a month old, voting and posting comments is disabled

64 bit?
By amanojaku on 12/29/2009 9:48:12 AM , Rating: 4
It's a wonder this wasn't cracked sooner. I've read that even 128 bit can be cracked, and people are nervous about 192 bit. 256 bit is the only thing that, so far, is considered truly secure.

RE: 64 bit?
By BrandtTheMan on 12/29/2009 9:50:11 AM , Rating: 5
technically nothing is truly secure.

RE: 64 bit?
By LRonaldHubbs on 12/29/2009 9:57:19 AM , Rating: 5
I think by 'truly secure' they really mean that it would take an impractically long amount of time for a modern supercomputer to brute-force.

RE: 64 bit?
By tastyratz on 12/29/2009 10:05:54 AM , Rating: 5
yup, and 23 years ago 64 bit WAS "truly secure" by the same standard.
As computers get faster the algorithms need to become increasingly complex even if only because of the ever increasing brute strength capabilities.

Security is never perfect, only cost vs benefit. All forms of security are just a pricetag.

RE: 64 bit?
By bennyg on 1/5/2010 8:04:12 AM , Rating: 2
...while the theoretical chance still exists that the first key tried in a brute force attempt works no matter what the length, that isn't what I'd call "Truly secure", but of course I'm a legal not a marketing man.

I think more accurate is "Practically" secure ;)

RE: 64 bit?
By DEVGRU on 12/29/2009 12:04:25 PM , Rating: 5
After 21 Years, GSM Encryption is Cracked Putting 3.5B Users at Risk

This is news? Yeah, I'm pretty sure the US Government had this cracked 21 years ago. Nothing to see here, move along.

RE: 64 bit?
By foolsgambit11 on 12/29/2009 12:36:55 PM , Rating: 3
Yeah, that's what I thought, too. It's like the invention of open key cryptography. It was invented in classified realms before it was invented by the private sector, but it couldn't be released for public consumption, so the first inventors weren't known for years. Governments may reveal that they've known how to crack GSM for years, but it won't be for a very long time, since this tech would actually have been practically used for collection, and will be classified for 30-50 years, depending on the country.

RE: 64 bit?
By jnolen on 12/29/2009 12:51:47 PM , Rating: 5
Or they had a back door in to begin with.

RE: 64 bit?
By FITCamaro on 12/29/2009 7:49:56 PM , Rating: 2
You are correct. US law requires that the government be able to eavesdrop on any communication taking place. Same goes for most other advanced nations.

RE: 64 bit?
By leexgx on 12/31/2009 9:20:36 AM , Rating: 2
the 64bit Encryption is only from phone to cell tower so they would listen on the tower or routed via the eavesdrop equipment (i know its more complicated then that but snooping on the phone call over the air would require a lot of compute power)

RE: 64 bit?
By amagriva on 1/3/2010 11:46:07 AM , Rating: 1
Those who would give up essential liberty to purchase a little temporary safety deserve neither liberty nor safety.

Other advanced nations?

You meant that US can spy other advanced nations with Echelon?

In real advanced nations to tap phones you need a judge's order.

Years of Bush brainwashing have accomplished the mission...
You got chains without knowing it...

RE: 64 bit?
By frobizzle on 12/29/2009 1:29:33 PM , Rating: 2
You are correct - this is definitely not news. Back in September, Steve Gibson did a podcast on this and as far as I could tell, it was all over but the shouting.

RE: 64 bit?
By tsb3 on 12/29/2009 2:57:39 PM , Rating: 2

RE: 64 bit?
By Mike Acker on 12/30/2009 8:02:22 AM , Rating: 2
="technically nothing is truly secure. "


Suggested reading: Vernam cypher. you need a 1-time pad though so it isn't practical for most use.

For most use your cypher only needs to be passable. If you have truly sensitive data you need to put more thought into how to secure the data... in an extreeme case: are you willing to trust someone else' cypher? I don't think so.

RE: 64 bit?
By jimhsu on 1/3/2010 6:34:38 PM , Rating: 2
Also incorrect. I could also say that quantum cryptography is truly secure, but all security protocols involve more than exchanges of data through a connection - think about the users! I could easily defeat your one time pad by attacking you during the encryption process and capturing your one time pad material (that is precisely what happened MULTIPLE times with Enigma back in WWII), or sifting through the ashes to find a trace of paper that didn't burn, or I could also capture you and send you off to be waterboarded to get the material that way.

Security is more than algorithms. Cryptonomicon teaches that well.

RE: 64 bit?
By jimhsu on 1/3/2010 6:38:02 PM , Rating: 2
What the one time pad guarantees is Shannon security - that is, the crypttext can be decrypted into any number of plaintext messages of the same length. This guarantee only holds when the one time pad is truly random (and humans are TRULY horrible at generating random numbers, even with the assistance of devices such as dice). Cryptonomicon has a nice section on this.

RE: 64 bit?
By tdktank59 on 12/29/2009 9:56:05 AM , Rating: 3
Well nothing is truly ever secure. Its all a matter of how much effort it takes. (mostly time now a days)

As for the article saying everyone was bashing on him for wanting to protect peoples data and not expose it by leaking the information.

Id have to say I agree, at least this person was willing to release his findings in an academic manner (most likely repeatable) so it should be easier to patch/upgrade the existing system.

Think about if someone who was malicious found this before his team did and never revealed it. How long would it have taken to figure out that peoples calls were being listened in on (of course the government is doing it anyways but besides them)

RE: 64 bit?
By wrekd on 12/29/2009 12:43:27 PM , Rating: 3
Well with GSM, the encryption comes from the frequency hopping between 80 channels. It's not like they had the ciphertext or plaintext laying around for analysis. Yes 64 bit encryption is easy to break if you have an actual file to analyze. They had to sniff the hops. This was far more than just cryptanalysis, it also took some good frequency analysis as well.

RE: 64 bit?
By fox12789 on 12/30/09, Rating: -1
RE: 64 bit?
By fox12789 on 12/30/09, Rating: -1
RE: 64 bit?
By formulav8 on 1/5/2010 1:56:31 PM , Rating: 1
You are absolutely pathetic. You know very well that no one wants to view your useless spam post. Go spam your own website...

RE: 64 bit?
By Shining Arcanine on 1/2/2010 8:31:35 PM , Rating: 2
I think 4096 bits are necessary to prevent it from being cracked some time in the next 30 years.

"Young lady, in this house we obey the laws of thermodynamics!" -- Homer Simpson

Latest Headlines
Inspiron Laptops & 2-in-1 PCs
September 25, 2016, 9:00 AM
The Samsung Galaxy S7
September 14, 2016, 6:00 AM
Apple Watch 2 – Coming September 7th
September 3, 2016, 6:30 AM
Apple says “See you on the 7th.”
September 1, 2016, 6:30 AM

Most Popular Articles5 Cases for iPhone 7 and 7 iPhone Plus
September 18, 2016, 10:08 AM
No More Turtlenecks - Try Snakables
September 19, 2016, 7:44 AM
ADHD Diagnosis and Treatment in Children: Problem or Paranoia?
September 19, 2016, 5:30 AM
Walmart may get "Robot Shopping Carts?"
September 17, 2016, 6:01 AM
Automaker Porsche may expand range of Panamera Coupe design.
September 18, 2016, 11:00 AM

Copyright 2016 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki