If you thought listening in on your cellphone calls was strictly the domain of the Feds and CIA spooks, think again. Even with some fancy-schmancy 64-bit A5/1 encryption protecting the 3.5 billion wireless GSM connections dotting the globe, your mobile phone doesn’t stand a chance against motivated hackers. We speak, of course, of the “security experts” who make it their mission to take down established security protocols. One of these engineers, Karsten Nohl, recently managed to compromise and publish the secret encryption codes used across many of the world’s GSM networks. Nohl says his intentions are to spur wireless carriers to upgrade their GSM infrastructure to a more secure encryption standard. But this isn’t the first time we’ve boarded this ride.
You might be surprised to know that hackers have been able to crack the 21-year-old GSM security algorithm for a decade or so. It was only a theoretical possibility for many years. Given the time and expense required to actually hack into a GSM voice call – it would involve computers crunching through 2TB (terabytes) worth of encryption codes – only the most dedicated (and well-funded) eavesdroppers out there had the capability to listen to your voice calls.
That all changed in 2008, when a pair of security researchers presented their method for hacking into GSM calls at the Black Hat security conference. They claimed that all they needed was 30 minutes and $1,000 worth of gear (or 30 seconds and $100,000 in equipment) to hack GSM communications and pinpoint a device to within 200 meters. That was the first warning shot across the bow of GSM carriers.
This second warning shot hits a little closer to home. Nohl published his book of GSM encryption codes in hopes of showing the world that “existing GSM security is inadequate,” and in an attempt “to push operators to adopt better security measures for mobile phone calls.” It’s still no easy task to put the secret code into practical use, but Cellcrypt CEO Simon Bransfield-Garth says “any reasonable well-funded criminal organization” would have the power to tap into mobile phone calls.
Of course, the GSM Association claims that the GSM codebook is only a piece of the eavesdropping puzzle. A typical cellphone conversation hops across 60 different frequencies over the course of a call, which is itself buried in a soup of thousands of other mobile phone calls. Thankfully, tracking a single call in real-time is still hard enough to let us sleep fairly comfortably at night.
It should be interesting to see how the wireless GSM industry responds to this development. A newer 128-bit encryption standard, known as the A5/3 standard, is now available to protect GSM phone calls. Unfortunately, many carriers are upgrading their networks to the more secure 3G technologies – an expensive undertaking, to be sure. Whether carriers choose to invest in securing their aging 2G GSM networks or leave them be and continue to march towards 3G-only ecosystems remains to be seen.