
GSM cracked

Started by Cain, January 02, 2010, 06:53:39 PM

Cain

http://www.dailytech.com/After+21+Years+GSM+Encryption+is+Cracked+Putting+35B+Users+at+Risk/article17236.htm

Quote
For 21 years, the same encryption algorithm, A5/1, has been employed to protect the privacy of calls under the Global Systems for Mobile communications (GSM) standard. With the GSM standard encompassing 80 percent of calls worldwide (AT&T and T-Mobile use it within the U.S.) — far more than the leading rival standard CDMA — this could certainly be considered a pretty good run. However, someone has finally deciphered and published a complete analysis of the standard's encryption techniques in an effort to expose their weaknesses and prompt improvement.

Karsten Nohl, a 28-year-old German native, reportedly cracked the code and has published his findings to the computer and electronics hacking community. Mr. Nohl, who cites a strong interest in protecting the privacy of citizens against snooping from any party, says that his work showcases the outdated algorithms' flaws.

At the Chaos Communication Congress, a four-day conference of computer hackers that runs through Wednesday in Berlin, he revealed his accomplishments. He describes, "This shows that existing GSM security is inadequate. We are trying to push operators to adopt better security measures for mobile phone calls."

The GSM Association, the London-based group that developed the standard and represents wireless companies, was quick to blast the publication calling Mr. Nohl's actions illegal and counterintuitive to the desire to protect the privacy of mobile phone calls. However, they insist that the publication in no way threatens the standard's security.

Claire Cranton, an association spokeswoman, confirmed that Mr. Nohl was the first to break the code, commenting, "[Security threats from the publication of this standard are] theoretically possible but practically unlikely. What he is doing would be illegal in Britain and the United States. To do this while supposedly being concerned about privacy is beyond me."

Mr. Nohl attended college in the U.S. and received a PhD in computer engineering from the University of Virginia. Via a similar publication, he managed to convince the DECT Forum, a separate standards group based in Bern, to upgrade its own security algorithm, improving the protection to the standard's 800 million customers in the process.

And while the trade group is only on yellow alert, some security experts disagree with the group's threat analysis, as well, saying the threat could be far more serious. One expert suggested that calls may soon need to be scanned for malicious activity, much as an antivirus scanner works on a computer.

Triple Zero

Ex-Soviet Bloc Sexual Attack Swede of Tomorrow™
e-prime disclaimer: let it seem fairly unclear I understand the apparent subjectivity of the above statements. maybe.

INFORMATION SO POWERFUL, YOU ACTUALLY NEED LESS.

Jasper

"Hey, I cracked your encryption.  You should get better encryption."

"NO DON'T DO THAT, THAT IS ILLEGAL.  DAMN YOU.  ANYWAY, IT'S NOT THAT BIG A DEAL."

:lulz:    We're fucked.

Reginald Ret

Quote from: Felix on January 02, 2010, 07:45:22 PM
"Hey, I cracked your encryption.  You should get better encryption."

"NOBODY WOULD DO THAT, THAT IS ILLEGAL.  GO BACK TO SLEEP.  ANYWAY, IT'S NOT THAT BIG A DEAL."

:lulz:    We're fucked.
fixed
Lord Byron: "Those who will not reason, are bigots, those who cannot, are fools, and those who dare not, are slaves."

Nigel saying the wisest words ever uttered: "It's just a suffix."

"The worst forum ever" "The most mediocre forum on the internet" "The dumbest forum on the internet" "The most retarded forum on the internet" "The lamest forum on the internet" "The coolest forum on the internet"

Jasper

lolz

I'm still laughing about the way Mr. Limbaugh used "sheep" rhetoric in that debate about healthcare.

Cain

Quote from: Felix on January 02, 2010, 07:45:22 PM
"Hey, I cracked your encryption.  You should get better encryption."

"NO DON'T DO THAT, THAT IS ILLEGAL.  DAMN YOU.  ANYWAY, IT'S NOT THAT BIG A DEAL."

:lulz:    We're fucked.

No, they're fucked.  We're doing awesomely.

Shibboleet The Annihilator

Quote from: Felix on January 02, 2010, 07:45:22 PM
We're fucked.

Speak for yourself, I'm on a CDMA network.

NotPublished

In Soviet Russia, sins died for Jesus.

Triple Zero

Quote from: Cain on January 02, 2010, 10:48:16 PM
Quote from: Felix on January 02, 2010, 07:45:22 PM
"Hey, I cracked your encryption.  You should get better encryption."

"NO DON'T DO THAT, THAT IS ILLEGAL.  DAMN YOU.  ANYWAY, IT'S NOT THAT BIG A DEAL."

:lulz:    We're fucked.

No, they're fucked.  We're doing awesomely.

yes. it's not like the government wasn't listening already anyway. this is just a pointer to bring it to the big public in an effort to make it harder for them.

Jasper

You're all fucked with me because this is how huge entities deal with huge problems.

Shibboleet The Annihilator

Not always. When zero-day exploits were found for Adobe, Apple and Microsoft products, fixes were released within a few weeks. When WEP was cracked they released WPA, and before WPA was even cracked they released WPA2 and there are a couple of different encryption options for it.

Golden Applesauce

Ah, the classic "there was nothing wrong with our security until you found a hole in it" defense.
Q: How regularly do you hire 8th graders?
A: We have hired a number of FORMER 8th graders.

Requia ☣

Quote from: Slanket the Destroyer on January 03, 2010, 06:36:34 PM
Not always. When zero-day exploits were found for Adobe, Apple and Microsoft products, fixes were released within a few weeks. When WEP was cracked they released WPA, and before WPA was even cracked they released WPA2 and there are a couple of different encryption options for it.

It took more than 15 minutes to crack WEP?
Inflatable dolls are not recognized flotation devices.

Freeky

Who's with me in thinking that pursuing a degree in computer engineering is going to put you on a terrorist watch list from now on?

Reginald Ret

Quote from: GA on January 04, 2010, 01:56:56 AM
Ah, the classic "there was nothing wrong with our security until you found a hole in it" defense.
Well put, good sir.