Some days ago our phone calls started to be more unsecure due to the hack of the main code of the GSM encyption algorithm. Karsten Nohl, a german computer engineer, and his crew got this code by brute force technique, that means they tryed enough random keys until they got the password. This information was published in the ‘Chaos Communication Congress’ that took place in Berlin.
The cracked algorithm is called A5/1 and is the one it is used in over 80% phone call connections so this represents a big problem for our voice communications according to our privacy violation. Besides, the discovered code/password has been published via torrent, so anyone can access it and with the proper software could spy our phone calls. Some phone operators have said that changing that code in the operators networks would solve the problem, but it would keep being as vulnerable as the previous one that has been discovered.
The code of A5/1 algorithm, devised in 1988, consists on a 64bit string. Actually there is a newer algorithm based on a 128bit code that is called A5/3, available since 2007, but operators have not introduced this algorithm in their networks yet. This code has not been hacked, at least so far …
The company Cellcrypt, has said that what Karsten Nohl has published will help criminal organizations to listen private conversations. Nowadays this technology was only available for governments and intelligence agencies.
Maybe its time to change our minds, maybe it is time to stop using an old voice technology, maybe it is time to establish our voice communications in other way… Technology has improved in all ways and two facts could help us solve this problem. Nowadays we can use VoIP (Voice over IP) to call a friend wherever he is at really cheap rates using internet connection. In addition personal certificates identify and secure us in the internet when we make important operations such as banking, or administrative tasks. What about joining both? That could solve our impending problem.
At the moment make sure your private conversations are not through a mobile phone call…
January 2nd, 2010 at 4:48 pm
[...] (Vía SevenClick) [...]