Now, hackers can listen to your calls

By SiliconIndia   |   Tuesday, 29 December 2009, 10:41 Hrs   |    7 Comments
Printer Print Email Email
Berlin: A German computer engineer, Karsten Nohl has deciphered the code used to encrypt most of the world's digital mobile phone calls and published it saying it was his attempt to expose weaknesses in the security of global wireless systems. He announced this in front of around 600 attendees at the Chaos Communication Congress, a four-day conference of computer hackers that takes place in Berlin, according to New York Times.

Nohl said that he has published the information to public to demonstrate effectiveness of the 21-year-old GSM (global system for mobile communication) algorithm, a code developed in 1988 and still used to protect the privacy of 80 percent of mobile calls worldwide. "This shows that existing GSM security is inadequate. We are trying to push operators to adopt better security measures for mobile phone calls," said Nohl.

The GSM Association, the industry group based in London that devised the algorithm and represents wireless companies, called these efforts illegal and said they overstated the security threat to wireless calls. "This is theoretically possible but practically unlikely," said Claire Cranton, an Association spokeswoman. She said no one else had broken the code since its adoption. "What he is doing would be illegal in Britain and the United States. To do this while supposedly being concerned about privacy is beyond me."

But there are many security experts who are supporting Nohl in his efforts. "Organizations must now take this threat seriously and assume that within six months their organizations will be at risk unless they have adequate measures in place to secure their mobile phone calls," said Stan Schatt, Vice President for Health Care and Security at the technology market researcher ABI Research in New York.

GSM is the most widely used wireless-communications standard in the world. About 3.5 billion of the world's 4.3 billion wireless connections use GSM. In 2007, the GSM Association developed a 128-bit successor to the A5/1, called the A5/3 encryption algorithm, but most network operators have not yet invested to make the security upgrade.

Many have raised questions about the legal aspect of this effort but Nohl said he took precautions to remain within legal boundaries, emphasizing that his efforts to crack the GSM algorithm were purely academic, kept within the public domain, and that the information was not used to decipher a digital call. "We are not recommending people use this information to break the law," Nohl said. "What we are doing is trying to goad the world's wireless operators to use better security."

Nohl has made the Algorithm code book available on Bit Torrent but denied to provide a weblink fearing legal complications.

In a statement, the GSM Association said efforts to crack the algorithm were more complex than critics have asserted, and that operators, by simply modifying the existing algorithm, could thwart any unintended surveillance. The group said that hackers intent on illegal eavesdropping would need a radio receiver system and signal processing software to process raw radio data, much of which is copyrighted.

But Nohl said the hardware and software needed for digital surveillance were available free as an open-source product in which the coding is available for individuals to tailor to their needs.

Simon Bransfield-Garth, the Chief Executive of Cellcrypt, a company based in London that sells software, said Nohl's efforts could put sophisticated mobile interception technology - limited to governments and intelligence agencies - within the reach of any reasonable well-funded criminal organization. "This will reduce the time to break a GSM call from weeks to hours," Bransfield-Garth said during an interview. "We expect as this further develops it will be reduced to minutes."

SPOTLIGHT
Wipro opens third industrial
IT major Wipro Ltd on Thursday opened its centre of excellence for Industrial Internet of Things (..
IBM announces programme
n a bid to recognise the contribution of developers in the open source community, Information ..
Google's Gboard gets offline
Google is adding an Artificially Intelligent (AI) offline dictation feature on its Gboard keyb..
Facebook denies cyber attack
Facebook ruled out a cyber attack on its products Whatsapp, Instagram and Messenger, which suf..