Experts Break Mobile Phone Security

The algorithm used to protect the security of communications on 80 percent of cell phones in the world can be relatively easily cracked to intercept calls, according to cryptographers at the 26th Chaos Communication Congress, a computer conference in Berlin. A German researcher presented an attack on the Global System for Mobile Communications (GSM)--showing it's possible to eavesdrop on cell phone calls and intercept SMS messages. Mobile phones worldwide use GSM, though in the United States many carriers, including Verizon and Sprint PCS, use a competing standard.
Karsten Nohl, who has a PhD in computer science from the University of Virginia, says he demonstrated the GSM attack to encourage people to develop a more sophisticated means of protection. GSM encryption was introduced in 1987, and first showed cracks in the 1990s. Nohl points to a series of academic papers illustrating problems with A5/1, which is used to protect GSM calls.

Nohl says that despite these concerns, people trust GSM with ever more sensitive data. In particular, there have been recent moves to use the standard for mobile banking, payments, and authentication.

Working with a group of hackers, Nohl generated and published a "rainbow table" for A5/1. This table is an optimized set of codes that would allow an attacker to quickly find the key protecting a given phone conversation. The group also cracked another algorithm that protects conversations by shifting communications between mobile phones and base stations to a variety of different frequencies during a call.

"It would be a good time to start transitioning GSM systems to more advanced cryptographic algorithms," says David Wagner, a professor at the University of California at Berkeley who was involved in work in the early 2000s that proved it was possible to break A5/1. "We should be grateful. We don't always get advance warning that it's time to upgrade a security system before the bad guys start taking advantage of it."