GSM A5/1 encryption cracked ... but there's no need to panic

A German computer scientist has published details of how to crack the A5/1 encryption algorithm used to protect most of the world's digital mobile phone calls.

Karsten Nohl, along with others, has spent the past five months levering open the algorithm used to encrypt phone calls using GSM technology. The research could, in theory, allow anyone to eavesdrop on calls. It is estimated that worldwide some 3.5 billion devices use GSM.

So, it it time to panic?

No.

First of all, this isn't the first time that GSM was cracked. Back in 2003 a group of Israeli discovered a method of attacking the GSM algorithm, then in 2008 at the BlackHat gathering, researchers Hulton and Muller demonstrated a technique for the successful interception and decryption of a GSM stream that used sub-$1,000 hardware and took less than half an hour.

Secondly, the algorithm under attack here is the older 64-bit A5/1, not the newer 128-bit A5/3. While it's true that carriers have been slow to implement A5/3, this could, and probably will, change now.

Then there's the attack itself. You need a radio close to the person making the call, and another to capture the downlink transmissions coming from a carrier base station. hardly point-and-click stuff.

Finally, did anyone believe that the GSM that you or I use was hacker-proof given that the military and governments use devices that incorporate much higher levels of encryption? If anything, Nohl has done us a favor by highlighting the weaknesses of A5/1.

So you can all stop panicking and go make some calls.