Thursday, December 31, 2009

Hacking GSM code is possible now German scientist Karsten Nohl

A GROUP of scientists claim to have cracked the security code that protects around 80 per cent of the world’s mobiles phones.

A German security expert has raised the ire of the cell phone industry after he and a group of researchers posted online a how-to guide for cracking the encryption that keeps the calls of billions of cell phone users secret.

Billions of mobile phone users around the world are at risk of having their calls intercepted and recorded after hackers broke the encryption used to protect 80 per cent of the world’s mobiles

But their work wasn’t seen as an immediate threat by the group that represents hundreds of GSM operators worldwide.

Led by German researcher Karsten Nohl, the 24-person team spent five months trying to decrypt the algorithm that prevents eavesdropping on GSM
networks.

According to various media reports, Mr Nohl said they had created a codebook that illustrates how the system can be circumvented.

GSM-standard mobile phones have long relied on an encryption algorithm dubbed A5/1. It is use to scramble the signal during communications between a handset and base station. This makes it difficult for calls to be intercepted.

He shared his exploits with participants at a Berlin hackers conference this week.

But in a statement the GSM Association said Mr Nohl’s discovery did not lead to a practical attack.

“We consider this research, which appears to be motivated in part by commercial considerations, to be a long way from being a practical
attack on GSM,” it said.

Over the past few years, the association has come across a number of academic papers on how A5/1 decryption but
to date, none could be used on live GSM networks.

“(The) A5/1 has proven to be a very effective and resilient privacy mechanism.

“By comparison, inexpensive and readily available radio scanners could be used to intercept calls on the analogue mobile networks that pre-dated
GSM and which did not use encryption.”

No comments:

Post a Comment