The GSM encryption algorithm was broken

Put your tinfoil hats on - GSM encryption has been broken. This means that Evil Doers can listen in on your calls and read your SMS messages. Law enforcement agencies already have that capability, so this doesn't change things if Big Brother eavesdropping is what worries you.

The encryption algorithm used in the GSM network is called A5/1 and was developed in the distant year of 1987. There is a new standard called A5/3, which is much more secure, though not used by most carriers yet.
The published materials are not actually a complete wire-tapping tool - releasing that would be illegal. But it's a step away from becoming one. For about $30,000 you can buy hardware that would allow you to listen in on a call in real time. If real-time eavesdropping is not required, the price falls down to a few thousand dollars.

Click here to Read updated response from GSMA association..

Of course, any sort of wire-tapping is illegal in most countries, as the GSMA was quick to point out, but that's like saying you can't buy a car that can go over 50 kilometers per hour because that would break the speed limit.

Still, wire-tapping hasn't been demonstrated (the researches don't want to go to jail and what not), so it's not clear how easy it would be to actually pull off in practice. The researchers claim that their main motivation is to push carriers to update to the new encryption algorithm and they just might - if they get enough bad publicity.
And before you actually put on a tinfoil hat and stop using your mobile phones keep two things in mind: 1) no one will pay 30 grand to listen to you talk to your mom and 2) phone scams are a much bigger security threat than breaking the GSM encryption.


No comments:

Post a Comment