Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
Computer security researchers say they have cracked the encryption algorithm used to protect most cell phone communications, potentially allowing attackers to listen in on the calls of billions of individuals.Researchers Karsten Nohl and Chris Paget demonstrated the flaw in a presentation called "GSM: SRSLY?" at the Chaos Communication Conference in Berlin. Phones running Global System for Mobile Communications (GSM), a standard communications technology used for transmitting mobile voice and data services, are affected, according to the researchers. There are approximately four billion GSM phones worldwide, representing approximately 80 percent of the world's mobile market.GSM networks use encryption to scramble communications and make it difficult for criminals to intercept and eavesdrop calls, a spokeswoman at the GSM Association, an industry association representing mobile phone makers and operators, told SCMagazineUS.com in an email. Most GSM networks use the A5/1 cryptographic algorithm, which was first developed in 1987, to protect communications. But Nohl and Paget said their research proves that with a few thousand dollars and widely available open-source tools, A5/1 GSM encryption can be cracked, allowing an attacker to listen in on phone calls. An attack of this nature would be illegal in many countries, including the United States, but the researchers said that A5/1 GSM encryption is already “constantly being circumvented by intelligence, law enforcement, and criminals.” A5/1 was first shown to be insecure in 1994 and has since faced considerable scrutiny from the academic community, Nohl and Paget said in their presentation. All of the previous attempts to crack the encryption algorithm, however, were either not made public or were not deemed practical. With their research, Nohl and Paget intended to publicly demonstrate that GSM encryption is insufficient. As a result of their findings, the researchers argued that GSM's security "must be overhauled.”The GSM Association, however, said the researchers of the A5/1 GSM hack have “underestimated its practical complexity.” “We consider this research, which appears to be motivated in part by commercial considerations, to be a long way from being a practical attack on GSM,” the GSM Association spokeswoman said. “A5/1 has proven to be a very effective and resilient privacy mechanism.”The GSM Association has developed a new privacy algorithm, called A5/3, which is said to be much stronger than A5/1, she said. “This new privacy algorithm is being phased in to replace A5/1,” the spokeswoman said.See original article on scmagazineus.com
To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.