A group of computer scientists have just published online to the world how they have cracked the long standing secret code used to protect conversations on mobile phones using GSM technology.
Karsten Nohl from Germany who said last August that he intended to crack the code has spent, along with 24 of his colleagues, the past five months working on it.
Now that they have succeeded, Mr Nohl said at an international meeting of hackers in Berlin, the Chaos Communication Congress “this shows that existing GSM security is inadequate”.
What this basically means is that more than 80 percent of the world’s mobile phones are not secure because armed with the code and a laptop, for a few thousand dollars someone could record calls and eavesdrop on conversations.
For most of us this would be nothing more than an unwelcome intrusion on our privacy but for those involved in national security and secret negotiations, the results could be disastrous.
“We are trying to inform people about this widespread vulnerability” BBC news reported Nohl as saying.
“We hope to create some additional pressure and demand from customers for better encryption.”
The GSM association are understandably not happy about the research and maintain that what Mr Nohl and his colleagues have done would be considered illegal in many countries.
Mr Nohl said that he has only revealed information that is already common knowledge and that their work has been purely academic.
He says he has compiled 2 terabytes of data cracking tables which can be used as a sort of reverse phone book to identify the key used to secure a GSM communication. He also reckons that criminals are probably using GSM cracking tools already.
“We have just basically copied what you can already buy in a commercial product” he said. Nohl is calling for security on GSM networks to be stepped up.
The Guardian reported a spokeswoman for GSM, Claire Cranton as saying “We consider this research, which appears to be motivated in part by commercial considerations, to be a long way from being a practical attack on GSM,”
“To do this while supposedly being concerned about privacy is beyond me.”
Still that doesn’t change the fact that GSM Networks obviously have a serious security flaw and I’m sure we’d all rather know about it regardless of whether the GSM association agrees or not.
