In all cryptography, there needs to be ample time to switch between algorithms, and even more time after the algorithms...
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
are made publicly available for analysis. This public and open analysis in the cryptographic community is used to identify weaknesses in the cryptographic algorithms. The GSM industry should switch to the newer and more secure A5/3 algorithm. The GSM Association reports there are 4 billion GSM phones in use throughout the world, so this switchover will be a massive effort that won't happen overnight, and as of mid-2010, the planning doesn't appear to have even started on this massive effort. Researchers point out that "A5/1 is constantly being circumvented by intelligence, law enforcement and criminals" (pdf), so the real-world risk is the switch to A5/3 won't happen fast enough and eavesdropping on GSM phone calls could become trivial if someone has access to the hardware necessary to record the radio signals, which the GSM Association says is complex to perform, but researchers say can be assembled . Hopefully the ongoing GSM research will prompt the GSM industry to migrate as quickly as possible to show their concern for their customers' security and privacy.
Karsten Nohl's attack was generating hashes for the codebook for A5/1 and collecting the related research to show the world how risky it is to continue to use the current GSM encryption algorithm. The generated hashes for the codebook are essentially the decryption keys that can be used to decrypt the encrypted voice call and were created by hashing all of the potential encryption keys. While the GSM Association says specialized software and hardware are needed to be able to intercept calls, the researchers point out that by using the codebook, some open source projects and some hardware, someone could intercept GSM traffic (phone calls, etc) with only a radio receiver and signal processing software that the researcher specifies. The risk to enterprises is that GSM communications like phone calls or SMS messages secured using A5/1 will not be addressed before attackers are able to use it to attack their organizations.
Related Q&A from Nick Lewis
As the Angler exploit kit evolves and adopts new functionality, it's becoming harder to detect and defend against. Enterprise threats expert Nick ...continue reading
A proof-of-concept attack on Apple's Siri allowed researchers to steal data from iOS. Learn more about the iStegSiri attack and how to defend against...continue reading
A new global email scam has cost enterprises millions. Expert Nick Lewis explains how to defend against man-in-the-email attacks with proper training...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.