Tuesday, December 29, 2009

GSM security cracked

Looks like it's time to upgrade the standard:

A German computer scientist has cracked the codes used to encrypt calls made from more than 80% of the world's mobile phones.

Karsten Nohl and his team of 24 hackers began working on the security algorithm for GSM (Global System for Mobiles) in August.

Developed in 1988, the system prevents the interception of calls by forcing phones and base stations to change frequencies constantly. Most of the UK's mobile phones use the GSM system and the breach represents a potential threat to the security of mobile phone communication.

Nohl claims that armed with the code, which has been published online, and a laptop with two network cards, an eavesdropper could be recording phone calls within 15 minutes.

From the Guardian. This part is interesting:

The GSM Association, which represents the interests of the worldwide mobile communications industry, played down the security threat and said Nohl's activity was "highly illegal".

Not in Germany, apparently, but what about the US? Remember Dmitry Sklyarov? He got off, but only because the jury concluded that he and his company didn't intend to break the law:

"We didn't understand why a million-dollar company would put on their Web page an illegal thing that would (ruin) their whole business if they were caught," he said in an interview after the verdict. Strader added that the panel found the DMCA itself confusing, making it easy for jurors to believe that executives from Russia might not fully understand it.

I'm not sure if Nohl would be able to use that defense. It will be interesting to see what happens if he ever sets foot in the US...
