In all cryptography, there needs to be ample time to switch between algorithms, and even more time after the algorithms...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
are made publicly available for analysis. This public and open analysis in the cryptographic community is used to identify weaknesses in the cryptographic algorithms. The GSM industry should switch to the newer and more secure A5/3 algorithm. The GSM Association reports there are 4 billion GSM phones in use throughout the world, so this switchover will be a massive effort that won't happen overnight, and as of mid-2010, the planning doesn't appear to have even started on this massive effort. Researchers point out that "A5/1 is constantly being circumvented by intelligence, law enforcement and criminals" (pdf), so the real-world risk is the switch to A5/3 won't happen fast enough and eavesdropping on GSM phone calls could become trivial if someone has access to the hardware necessary to record the radio signals, which the GSM Association says is complex to perform, but researchers say can be assembled . Hopefully the ongoing GSM research will prompt the GSM industry to migrate as quickly as possible to show their concern for their customers' security and privacy.
Karsten Nohl's attack was generating hashes for the codebook for A5/1 and collecting the related research to show the world how risky it is to continue to use the current GSM encryption algorithm. The generated hashes for the codebook are essentially the decryption keys that can be used to decrypt the encrypted voice call and were created by hashing all of the potential encryption keys. While the GSM Association says specialized software and hardware are needed to be able to intercept calls, the researchers point out that by using the codebook, some open source projects and some hardware, someone could intercept GSM traffic (phone calls, etc) with only a radio receiver and signal processing software that the researcher specifies. The risk to enterprises is that GSM communications like phone calls or SMS messages secured using A5/1 will not be addressed before attackers are able to use it to attack their organizations.
Dig Deeper on Disk and file encryption tools
Related Q&A from Nick Lewis
Can Structured Threat Information eXpression improve threat intelligence sharing? Nick Lewis breaks down the evolution of the STIX security framework.continue reading
A new type of WordPress malware, WP-Base-SEO, disguises itself as an SEO plug-in that opens backdoors. Nick Lewis explains how it works and how to ...continue reading
A new exploit of CLDAP servers can be used for a DDoS reflection attack that gives attackers a 70x boost. Nick Lewis explains how to defend against ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.