A German computer scientist working with a team of experts has broken the code used to secure about 80% of the world’s mobile phones. But the group responsible for protecting GSM communications said Tuesday the feat is a “long way from being a practical attack.”
In a presentation given on Sunday at the Chaos Communication Conference in Berlin, Nohl said that he had compiled 2 terabytes worth of data — cracking tables that can be used as a kind of reverse phone-book to determine the encryption key used to secure a GSM telephone conversation or text message.
The AP report said the purpose was to push companies to improve security. The collaborative effort put the information online through file-sharing sites. The GSM Association, a trade group that represents nearly 800 wireless operators, said it was mystified by Nohl’s rationale, said the AP report.
The G.S.M. Association, the industry group based in London that devised the algorithm and represents wireless companies, called Mr. Nohl’s efforts illegal and said they overstated the security threat to wireless calls.
“Over the past few years, a number of academic papers setting out, in theory, how the A5/1 algorithm could be compromised have been published,” GSMA spokesperson Claire Canton told eWEEK. “However, none to date have led to a practical attack capability being developed against A5/1 that can be used on live, commercial GSM networks.”
Before the latest hack, hundreds of thousands of dollars of computer equipment was needed to break the GSM code, mostly limiting hacking to government agencies. Nohl told the conference that someone with the code book could eavesdrop on GSM communications using about $30,000 worth of computer gear, making such illegal activity possible by many more criminal organizations.
Mr. Nohl said the algorithm’s code book was available on the Internet through services like BitTorrent, which some people use to download vast quantities of data like films and music. He declined to provide a Web link to the code book, for fear of the legal implications, but said its location had spread by word of mouth.
Prior to this latest discovery, the GSMA had already been working on enhancing encryption, and has developed A5/3 to take the place of A5/1, Canton said.