GSM call encryption code cracked, published for the whole world to see
Did you know that the vast majority of calls carried out on the 3.5 billion GSM connections in the world today are protected by a 21-year-old 64-bit encryption algorithm? You should now, given that the A5/1 privacy algorithm, devised in 1988, has been deciphered by German computer engineer Karsten Nohl and published as a torrent for fellow code cracking enthusiasts and less benevolent forces to exploit. Worryingly, Karsten and his crew of merry men obtained the binary codes by simple brute force -- they fed enough random strings of numbers in to effectively guess the password. The GSM Association -- which has had a 128-bit A5/3 key available since 2007, but found little take-up from operators -- has responded by having a whinge about Mr. Nohl's intentions and stating that operators could just modify the existing code to re-secure their networks. Right, only a modified 64-bit code is just as vulnerable to cracking as the one that just got cracked. It's important to note that simply having the code is not in itself enough to eavesdrop on a call, as the cracker would be faced with just a vast stream of digital communications -- but Karsten comes back to reassure us that intercepting software is already available in customizable open source varieties. So don't be like Tiger, keep your truly private conversations off the airwaves, at least for a while.

So Big Brother could have some competition...
@shogunmaster
apparently big brother can hear and watch now..Is there any privacy left?
@liftedngifted1 It has been cracked for years but only in private groups (who likely sold it to private/government organisations). Thank god that someone raised public awareness of this.
@liftedngifted1
Body language. Excluding a nod.
As if big brother needs hacks, they can get all the keys they want from the carriers, presented to them on a silver plate surrounded by watercress.
@shogunmaster I'm still expecting a call from ARIA any day now telling me I've been activated ...
"So don't be like Tiger, keep your truly private conversations off the airwaves, at least for a while"
*Sigh*
Mr. Woods is not gonna live this down for a while...
@BuryTheCastle Hmmm Not if you are using Verizon ( or Sprint ) ... There is an Airwave for that ! (CDMA hohoho)
@BuryTheCastle
He shouldn't...
my favorite color is blue
all me blnt
Wow, a 21-year-old 64-bit key, and we're just now hearing it got cracked. Ha, don't make me laugh. It's probably been cracked for years, maybe even a decade; this is just the first person who's nice enough to tell us.
@Link2877 I'm very much inclined to agree. I'm baffled by how incredulous the GSM Association is acting -- they should show some backbone and fix the problem instead of moaning that Karsten demonstrated it.
@Link2877
I think we should cancel GSM voice, only use HSDPA and LTE for data, do VoIP with end-to-end encryption.
@Ahmed Alzayani I don't think his gayness Perez Hilton will like that.... He loves to tap into them conversations.
@Link2877 Karsten said he didn't feel bad about disclosure because the algorithm has already been cracked for 15 years -- it's just that the rainbow table implementation has made the cracking faster and use less computing power.
@Vlad Savov fixing it would involve changing every GSM phone that is currently on the market... and every operator... not an easy thing to do..
Y'know, even if this is engadget, you should really do some reading... they didn't break some magical "key" hidden in every gsm device for 21 years... they broke the friggin' A5/1, a stream cipher which has been known to suck for many many years.
Oh, btw, using a newspaper as a source for an IT security news is just bound to bring FAIL.
@Ahmed Alzayani
Agree ..
so do it like us
I'm in Germany but only talk Chinese in Shanghainese dialect on the phone with my mum, i.e. :D
@kiyu727
They could always just record it and get a translator :P
@kiyu727 So sad you only talk to your mom :S And with all those HOT German chicks!!!
@TikiTeko
who said that ..... 8D
@geekthree
suuure, didn't know Google already published voice to voice translation 8D
@kiyu727
Yeah, like there's not a billion people who can understand Chinese :)
@kiyu727
TERRORIST
j/k
@Jose
it's hard for them to understand Chinese with Shanghainese dialect ;)
if someone talks with me in "Platt-deutsch" (a northern version of German) I wouldn't understand a single word :D
@ TheHoldSteady
where do you live ..................... :p
Typical of news reporting today that only half the story is given and of course it's the alarmist half. Mr. Nohl didn't actually break any encryption and his efforts were more a proof of concept than anything else. More importantly, even if he had broken the encryption, each call is encrypted on a per-call basis. In other words, someone that didn't have access to your phone and the carrier's back end couldn't do jack shit.
@CJ100570
Wheeew!
* turns my phone on again *
@CJ100570
right, as if creating a rainbow table that allows you to find the encryption key of every call in 3-5 min doesn't count as breaking a cipher...
from a purely cryptanalytical pov this is indeed true, but to me a cipher which is easily circumvented in less than 20 mins looks like it's friggin' broken
so CDMA still good?
@Wai
Still? When was it good?
@Wai That question combined with your avatar made me laugh. A good, heartfelt belly laugh. Thank you.
@Endadget
I think he means the fact that CDMA is more secure than the GSM system + the fact that it's faster in most situations.
@Wai Depends on how much Sprint and Verizon paid to have this go public.. :)
@COCOViper Except when you need to access data at the same time as you're making a call. If you're tethering this is a fairly crucial failing on the part of CDMA. Plus that very few places around the world use it, making it a pain if you travel, as many do.
Once more the carriers FAIL to foresee that this kind of thing could happen. It does not really matter who cracked the code, how or when or, how it is reported.
The bottom line is that the method to crack GSM 64 bit is out there free, and for all to use, and the carriers have had a 128 bit solution available for years and have not bothered to implement it.
I doubt most people will bother to listen in - carriers, obviously already can, but why do these idiot carriers wait until the horse has bolted before even looking to see if there is a stable door available?
@(Unverified)
Mainly because it would cost them a lot of money to do it, and no one would really notice that they had done so.
From a business perspective, that makes little sense.
I don't need no 64-bit cracking algorithm code to eavesdrop on a phone call. just put me in front of one of them in a really really quiet room................... and i'll take out my voice recorder............. i guarantee you.... i'll be able to crack the conversation within the next 5-10 years.
Breaking news just two years after The Washington Post...
http://blog.washingtonpost.com/securityfix/2008/02/research_may_spell_end_of_mobi.html
@ztp
Kinda...
They didn't crack and publish it the last time, they just said they'd cracked it. Engadget's post still stands as new content, I think.
Verizon has a new reason to laugh at AT&T.
@bighap Yes, there is CDMA for that.
CDMA > GSM.
@xjman349
What's that? I can't hear you over my longer battery life and Youtube videos loading in the background while I'm talking..
@xjman349
or should that be HSPA > CDMA = GSM ?? probably a bit closer...
@xjman349 How do you guys feel AWS compares? Sorry if this is a dumb question, but I've never owned a cellphone (I know...)
@xjman349 Yeah, but that's only true if the CDMA you are talking about is WCDMA, also known as UMTS/HSPA. CDMA2000 (what VZW uses) is a technological dead end. If CDMA2000 is so great, why is VZW rushing toward LTE with such abandon?
@ipaladin
How can you compare the CDMA standard from 9 years ago to the LTE standard that hasn't even been finalized?
He was making the point that on the whole, CDMA is a more secure (and typically faster) radio technology than GSM (in its currently deployed state of UMTS, EDGE, and HSPA).
@Endadget
That sounds like bad signal to me...
"What's that? I can't hear you over my longer battery life and Youtube videos loading in the background while I'm talking.."
@ipaladin if that is true, why does it seem that the GSM group keeps following in CDMA's footsteps? I would say 5g would be WiMAX based, but since they are so similar to LTE I doubt that would happen.