Are you in danger of Phone call hacking?

Summary:OK, so you're not a member of the Royal family, but are your mobile phone calls still in danger of being intercepted? Yes, yes you are.

Unlike the UK's Royal family, I doubt anyone is listening in on my phone calls. But, if someone wanted to, they could.

Many mobile phone calls in the U.S. and Europe are encrypted with a stream cipher called A5/1, which is commonly used, in GSM (Global System for Mobile Communications) voice communications. A5/1 is not secure. It's been broken for years.

More recently, in 2009, A5/1 was busted by a German hacker in a way that demonstrated that if you can capture the voice stream anyone with generic computer equipment could break it. Since then, A5/1 has only gotten easier to crack.

The GSM Association replied in 2009 that, "before a practical attack could be attempted, the GSM call has to be identified and recorded from the radio interface. So far, this aspect of the methodology has not been explained in any detail and we strongly suspect that the teams attempting to develop an intercept capability have underestimated its practical complexity. A hacker would need a radio receiver system and the signal processing software necessary to process the raw radio data. The complex knowledge required to develop such software is subject to intellectual property rights, making it difficult to turn into a commercial product."

I don't know about 'products' that can do this, but I do know crackers who do have that kind of hardware at their beck and call. In 2011, you don't need to be a Lisbeth Salander to listen to mobile calls.

There's no reason to panic yet. In theory, the phone companies are moving to the far harder to break 128-bit Kasumi encryption algorithm, which is used in the next generation A5/3 voice encryption. In practice, they've been taking their time about it. Worse still, A5/3 has been busted as well in early 2010. While it's not as easy to crack as A5/1, it's not that hard either.

I wouldn't freak about mobile phone calls being listened to quite yet though for most people. While the software side isn't that hard to pull off, listening in to a GSM network connection is still requires some expertise, unlike, say using Firesheep to peek in on your Wi-Fi network connection, which any idiot can do.

But, if you are someone that people really want to spy on, I'd be cautious about using ordinary mobile phones. If you have enemies or business competitors who really want to know what you're saying, they really can listen in.

If you want your phone calls to be secure today, I recommend using encryption software on your smartphones. These programs include PhoneCrypt, Secure Voice GSM, and Gold Lock. All these use 1,028-bit and higher encryption programs. Of course, for any of these programs to work, you need copies on each phone on a call. At this level of protection,  the National Security Agency (NSA) may still be listening to your calls, but no one else will be.

Topics: Hardware, Mobility, Security, Telcos

About

Steven J. Vaughan-Nichols, aka sjvn, has been writing about technology and the business of technology since CP/M-80 was the cutting edge, PC operating system; 300bps was a fast Internet connection; WordStar was the state of the art word processor; and we liked it.His work has been published in everything from highly technical publications... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.