German experts publish online guide to decrypt GSM code
A German security expert, along with a group of researchers, posted online a how-to guide for cracking the encryption that keeps the calls of billions of mobile phone users secret.
Karsten Nohl, 28, said that he, working with others online and around the world, created a codebook showing how to get past the GSM standard encryption used to keep conversations on more than three billion mobile phones safe from prying ears.
Mr Nohl said the purpose was to push companies to improve security. The collaborative effort put the information online through file-sharing sites.
"The message is to have better security, not we want to break you," he said of the move. "The goal is better security. If we created more demand for more security, if any of the network operators could use this as a marketing feature... that would be the best possible outcome."
GSM, the leading mobile phone technology around the world, is used by several wireless carriers in the US, with the largest being AT&T and T-Mobile USA. Verizon Wireless and Sprint Nextel Corporation use a different standard.
The GSM Association, a trade group that represents nearly 800 wireless operators, said it was mystified by Mr Nohl's rationale.
Claire Cranton, a mouthpiece for the London-based group, said that "this activity is highly illegal in the UK and would be a serious offence under the Regulation of Investigatory Powers Act".
It has already been possible to intercept GSM calls, but the equipment is generally only available to law enforcement agencies. Even with Mr Nohl's exploit, expensive and sophisticated radio equipment placed close to the target is required to pull the calls off the air.
The new guide undermines the 21-year-old algorithm used to ensure the privacy of phone calls made on GSM (global system for mobile communication) mobile phone networks.
That algorithm, dubbed A5/1, is a 64-bit encryption function and was adopted in 1988. Since then 128-bit codes have been implemented to ensure caller privacy on newer, third-generation networks. The GSM Association has developed the A5/3 algorithm, which it says is gradually being phased in to replace A5/1.