GSM A5/1 encryption cracked ... but there's no need to panic

TOPICS: Mobility, Hardware

A German computer scientist has published details of how to crack the A5/1 encryption algorithm used to protect most of the world's digital mobile phone calls.

Karsten Nohl, along with others, has spent the past five months levering open the algorithm used to encrypt phone calls using GSM technology. The research could, in theory, allow anyone to eavesdrop on calls. It is estimated that worldwide some 3.5 billion devices use GSM.

So, is it time to panic?


First of all, this isn't the first time that GSM has been cracked. Back in 2003 a group of Israeli researchers discovered a method of attacking the GSM algorithm, then in 2008 at the BlackHat gathering, researchers Hulton and Muller demonstrated a technique for the successful interception and decryption of a GSM stream that used sub-$1,000 hardware and took less than half an hour.

Secondly, the algorithm under attack here is the older 64-bit A5/1, not the newer 128-bit A5/3. While it's true that carriers have been slow to implement A5/3, this could, and probably will, change now.
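To make the "64-bit" figure concrete, the block below is an added Python model of the A5/1 stream cipher (three shift registers with majority clocking); it is not code from the article or from Nohl's research, and the key and frame number in the usage stub are constructed sample values. It shows that every one of a frame's 228 keystream bits depends only on an 8-byte session key plus the public 22-bit frame number, which is the key size the article contrasts with A5/3's 128 bits.

```python
# Added educational model of A5/1 (not the article's code). Register widths,
# tap positions and clocking bits follow the publicly documented cipher.
MASKS = ((1 << 19) - 1, (1 << 22) - 1, (1 << 23) - 1)   # R1/R2/R3: 19, 22, 23 bits
TAPS = (0x072000, 0x300000, 0x700080)                   # feedback tap bits
CLK = (8, 10, 10)                                       # majority clocking bit

def _step(reg, mask, taps):
    # shift left by one; the new bit 0 is the parity of the tapped bits
    return ((reg << 1) & mask) | (bin(reg & taps).count("1") & 1)

def a51_keystream(key: bytes, frame: int, nbits: int = 228):
    """Keystream bits for a 64-bit session key and a 22-bit frame number."""
    if len(key) != 8 or not 0 <= frame < (1 << 22):
        raise ValueError("A5/1 needs an 8-byte key and a 22-bit frame number")
    regs = [0, 0, 0]
    # loading phase: all registers clock regularly while each key bit
    # (LSB of key[0] first) and then each frame bit is XORed into bit 0
    key_bits = [(key[i // 8] >> (i % 8)) & 1 for i in range(64)]
    frame_bits = [(frame >> i) & 1 for i in range(22)]
    for bit in key_bits + frame_bits:
        regs = [_step(r, m, t) ^ bit for r, m, t in zip(regs, MASKS, TAPS)]

    def majority_clock():
        c = [(r >> b) & 1 for r, b in zip(regs, CLK)]
        maj = (c[0] & c[1]) | (c[0] & c[2]) | (c[1] & c[2])
        for i in range(3):      # a register advances only when its clocking
            if c[i] == maj:     # bit agrees with the majority of the three
                regs[i] = _step(regs[i], MASKS[i], TAPS[i])

    for _ in range(100):        # 100 mixing clocks, output discarded
        majority_clock()
    out = []
    for _ in range(nbits):      # output bit = XOR of the three top bits
        majority_clock()
        out.append(((regs[0] >> 18) ^ (regs[1] >> 21) ^ (regs[2] >> 22)) & 1)
    return out

def a51_burst_keys(key: bytes, frame: int):
    """Split one frame's 228 bits into the 114-bit downlink and uplink halves."""
    ks = a51_keystream(key, frame)
    return ks[:114], ks[114:]

def xor_bits(data, ks):
    """Encrypt or decrypt (the same operation) a bit list with keystream."""
    return [d ^ k for d, k in zip(data, ks)]

if __name__ == "__main__":
    SAMPLE_KEY = bytes.fromhex("1223456789abcdef")     # constructed sample key
    downlink, uplink = a51_burst_keys(SAMPLE_KEY, 0x134)  # constructed frame no.
    print("downlink keystream:", "".join(map(str, downlink)))
```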

Then there's the attack itself. You need a radio close to the person making the call, and another to capture the downlink transmissions coming from a carrier base station. Hardly point-and-click stuff.

Finally, did anyone believe that the GSM that you or I use was hacker-proof given that the military and governments use devices that incorporate much higher levels of encryption? If anything, Nohl has done us a favor by highlighting the weaknesses of A5/1.

So you can all stop panicking and go make some calls.

  • You may be right... OR

    You could just go to a carrier that uses CDMA and avoid the problem altogether. CDMA by its nature is much more difficult to hack into as the signal is divided up and spread across individually encrypted threads. This "Code Division" makes it faster, travel farther and harder to hack.

    Thus, why Verizon and Sprint have a huge advantage over AT&T and T-mobile.
    • UMTS uses W-CDMA

      UMTS -- the 3G replacement for GSM, used by AT&T and T-Mobile in their 3G networks -- uses W-CDMA. So 3G calls on AT&T and T-Mobile use code division.

      And GSM/UMTS have the huge advantage that the rest of the world uses it. You can take your phone overseas and use it, as long as at least one of the frequency bands match up. And if the phone is unlocked (which at least T-Mobile will do by request if you've had it 90 days), you can just pop SIM cards in and out to switch carriers.
    • Wrong...

      UMTS uses W-CDMA as posted above. A GSM phone can be used anywhere in the world, your Verizon phone can't be. AT&T's 3G network is technically faster (they are adding 7.2Mbps soon making it that much faster again soon).

      AT&T's networks may be swamped, but they have seen a 5000% growth in data usage in the last three years. While Verizon has only seen a ~300% growth over the same time period.

      But that aside, this crack isn't an issue for 99.9% of the people out there.
  • Contradiction?

    You seem to contradict yourself. First, you say it's not new, that it's been cracked twice before. Then you say carriers will probably upgrade to A5/3 because of this. Well if they didn't care to upgrade the first two times, why would they upgrade the third time?

    It isn't something to get hysterical about yet but the carriers may need to be compelled to upgrade by the government on our behalf.
    • Could be because this crack is

      much more publicized, but I could be wrong.
  • Wall Street is the place to be worried.

    People talk about military and government secrets being protected, but the most vulnerable targets are the NY and London financial centers. For a very small investment, tapping into the inside conversations that move the world markets could be very lucrative for people who have the means to use the information. That includes organized crime groups who have lots of capital (cash money) and the need to launder it through quasi-legitimate deals and trades.

    Phone industry has had 15 years to do something about this, Motorola in particular knew and dragged their heels about it because of their internal politics and cost cutting measures. Now maybe something will be done.
    terry flores
    • Wall Street?! - Don't make us laugh

      That corrupt bunch of criminals would deserve to have their phones tapped so that we can expose how markets are manipulated on a daily basis by the insiders.
    • IT is the carrier's responsibility to upgrade

      the network, not a phone manufacturer, as all modern phones can handle the A5/3 crypto. Last I checked Motorola manufactures the phone, not a carrier. In this case point your finger at ATT and T-mobile, and whoever the equivalents are in the rest of the world.
  • let-em listen

    For the most part, like most cell users, I don't say anything on my phone that is of any real importance anyway. If someone wants to listen in to my rather dull conversations let them. There are what, 9 million teenage girls with cell phones. Have fun.
    • Cyber Criminals - Don't be so smug

      You wouldn't leave your wifi unencrypted, you wouldn't leave your door to the house or your car unlocked, so why would you leave your phone conversations open?

      Allow me to explain in 2 scenarios:

      Scenario A:

      You plan to fly home for the holidays, but air travel is expensive so you call the bank to make sure you have enough in your account for the trip's expenses; you reveal the verbal authentication necessary to gain access to your accounts. You next call the airlines to get a ticket to fly. Then you pick arrival and departure dates for your trip. You give them your name, address, credit card number and driver's licence and phone number.

      Unknown to you there is a criminal outside your house in a van with the required equipment, less than 1k$ I may add, that now has your identity, knows the best time to rob your house and how long they have to case it and make a break-in, making off with more than enough loot to cover his equipment costs. Or if they want to they can just call the bank using your identity and rob you electronically.

      Scenario B:

      You are one of those teenage girls you mentioned with a cellphone that needs a ride from your overworked commuter parents. You call mom and dad to get a ride and they tell you something came up, "I won't be there for an hour." They tell you to wait at the door outside and they will send someone over as the school has now locked up. Outside the schoolhouse, unknown to both parties, there is a criminal creep of the worst kind. The bad guy shows up and, well, let's just say Law and Order SVU.

      I've been in this situation but not the Law and Order part.

      As you can see mundane conversations can be exploited to conduct criminal activity more easily. So I would consider placing more value on privacy/security for your and your family's sake; luckily I have CDMA/Spread Spectrum.
  • Nobody truly concerned about confidentiality relied on it anyway...

    The truth is that people who really care about privacy did not rely on built-in encryption anyway, unless they were naive; they use custom encryption installed on their phones, point-to-point, otherwise they could be eavesdropped on by governments etc. who do it legally on the core network plane. Other eavesdroppers (illegal) may try to hack the radio interface and this is where this A5 algorithm should protect the conversation, but custom encryption protects against both.
  • RE: GSM A5/1 encryption cracked ... but there's no need to panic

    All of this is still well beyond the means of the average "Hacker", "Snoop", private investigator or neighborhood busybody. The built-in encryption was never meant to keep things totally secure, just beyond the reach of the average smo, and it still achieves that well enough.
    • Yes, but look beyond the finger...

      You may not realise this, but being able to hack into the GSM network (used by most mobile telephone users in the world) could be a serious threat. I am going to take a wild swing here as an example: imagine Russia (I am not a Russian) at war with America (not an American either). As crazy as it may sound, Russia could better organize attacks/strategies by eavesdropping on middle-class citizens' conversations, who probably could be talking about escape measures, etc.

      It may be above the average SMO to crack GSM but the possibility of this is a good thing to help us make our networks more secure.
      • What?

        Do you have any idea the level of complexity and information overload? It might be useful if they targeted selected people in corporations and when they called a specific number collected the data. But they would need to have spies close to the targets to get the initial crack?

        Less secure than we thought before but hardly a large scale security threat to a nation.
  • RE: GSM A5/1 encryption cracked ... but there's no need to panic

    If you want your conversation to be private don't count on the phone companies' technology to do that for you.
  • RE: GSM A5/1 encryption cracked ... but there's no need to panic

    Well, if you can get near the target who's making the call, you can just listen to him or her speak; no need for fancy algorithms. As Doug MacArthur said, "Hit 'em where they ain't!"

      You can ask your friend back in the MSC at the operator's side to put a check on any number you want and you have all the data call records (of course with recorded calls), SMS, anything you can think of.
  • Ease of interception?

    Adrian you stated, "You need a radio close to the person making the call, and another to capture the downlink transmissions coming from a carrier base station. hardly point-and-click stuff."

    If you need the person to be close to a radio, wouldn't it be pretty easy to intercept a call since most mobile calls are made in a car?

    Malicious hackers aren't interested in targeting a specific person, they will go for whoever they can.
    • Radio is shorthand for radio receiver such as what is in the phone!

      I think Adrian means that you need a receiving device to pick up the

      You do not need the person to be near an AM/FM radio so no, the car
      is no better.

      On the other hand this was misleading.

      You need receivers that are in range of both the tower and the phone,
      they can be in the same place as long as both signals can be picked

      You need two receivers due to the different frequencies being used,
      one for uplink, one for downlink.

      To make this into a point and click solution would not be hard, two
      GSM packs is no big deal, and a laptop with software designed to track
      the phone calls by IMEI. I think you would find that something like this
      is probably already in the toolkit of GSM network providers.
    • @ big_dogs110

      Let's hope you're not performing brain surgery tomorrow.