Encrypted data on GSM-supported cell phones may not be as secure as previously thought after a widely known encryption expert presented research showing how hackers can poke holes in the algorithm to eavesdrop on calls.
Karsten Nohl, chief research scientist at Sunnyvale, Calif.-based H4RDW4RE LLC, who asked hackers last summer to focus on cracking the widely used GSM encryption algorithm, presented research this week showing how an earnest hacker can find tools on hacking forums to intercept calls protected by the GSM A5/1 algorithm, a 64-bit binary code.
In an interview with SearchSecurity.com, Nohl said a newer A5/3 encryption algorithm exists, but operators have been slow to deploy it.
"Were urging operators to think of security as something that should be a moving part rather than something that's created and used for 20 years," Nohl said. "With research picking up, A5/3 will be broken at some point too."
Cell phone network cracks:
Karsten Nohl at Black Hat 2008:
The older A5/1 encryption algorithm is used in 80% of cell phones worldwide. It was first introduced in 1987 and Nohl points out that it became publicly available in 1994. A technique cracking the algorithm has been widely used in government intelligence gathering and law enforcement investigations, but until now, technology hasn't been available to make it practical for hackers to crack it. The GSM hacking technique has been too expensive and too complicated to pull off.
Nohl's GSM research presented this week at the Chaos Communications Congress in Berlin, shows that the technology has finally caught up to make it easier for hackers. Nohl said he is being pressured by the GSM Association (GSMA), an organization of licensed GSM mobile network operators, to cancel or scale back a demonstration planned Wednesday at the conference. A GSMA spokesperson did not return a request for comment.
It takes a mixture of hardware and computational software to pull off an attack, he said.
"The equipment used is getting cheaper and cheaper," Nohl said. "This will not be a vulnerability as widespread as Internet spam; it will always stay a targeted attack."
Nohl urged security professionals at enterprises to be aware of the potential threat and use additional security mechanisms to protect sensitive calls. For now, breaking the algorithm means a hacker can intercept text messages, conversations and data only on rare occasions. Data on GSM networks is routed through faster networks, which protects the information, but banking applications designed to work on GSM enabled phones may also be under an increased risk.
"They should treat the Internet as an untrusted network and [should] take precautions by adding their own encryption on top of it," Nohl said of enterprises concerned about secure communications.
In the United States, GSM operators include AT&T Corp. and T-Mobile. Other operators, including Verizon Communication Inc. and Sprint operate using a different standard -- Code division multiple access (CDMA) -- that is not affected by the hacking method.
In his presentation, Nohl describes both an active technique, in which cell phone calls are routed through a base station and a more challenging passive technique that involves more heavy computation. While it takes a savvy hacker to make the attack work, all of the parts making up the radio receiver system and signal processing software are open source and can be found on file swapping services and hacking websites, he said.
Nohl said he found an India-based equipment manufacturer advertising GSM cracking machines for as little as $200,000. Using the same techniques a hacker can build a machine from scratch much cheaper, he said.
"As the attack becomes cheaper, more people will be interested in listening in to steal information on phone calls," Nohl said. "It's only a matter of time."