One leg of GSM encryption cracked, cell industry unimpressed

[nsane.forums]

GSM is the most popular protocol for cellphone telephony on the planet, with billions of users worldwide. But the standard encryption procedure used by most GSM carriers is only 64-bit, and academic researchers had spotted flaws in it starting over a decade ago. Now, in an effort to get carriers to take security seriously, a researcher is publicizing a brute-force attack on the encryption that he expects will be combined with work on the GSM frequency selection algorithm to create a cheap and easy method for eavesdropping on cellular calls. Despite initial progress on the effort, the cellular industry remains unimpressed.

Securing GSM communications relies on a combination of encryption and obscurity. The encryption, as described above, typically involves a 64-bit algorithm called A5/1, although many 3G networks use a newer, 128-bit version called A5/3. There's a history of academic research on this encryption that shows it to be vulnerable to various attacks, but there's no indication that any of these attacks have been used in the wild. That's presumably in part because of the obscurity aspect: GSM uses an algorithm to ensure that consecutive packets from a call are transmitted on different frequencies, making reconstruction of an entire transmission a matter of cracking that algorithm.

View: Original Article