GSM code cracked to expose its loopholes

Posted by John V.

Being called a hacker does not always connote someone maliciously breaking into a computer system. Karsten Nohl, a 28-year-old German security expert, recently cracked GSM's 64-bit A5/1 encryption algorithm, which was adopted way back in 1988. Far from being a faceless intruder, Nohl has notable credentials: he holds a doctorate in computer engineering from the University of Virginia and is considered a leading encryption consultant.

Nohl worked diligently with others around the internet and ultimately created a guidebook. He published the secret code used to encrypt most of the world's digital mobile phone calls, exposing the weaknesses in it. Fortunately, 3G networks use 128-bit encryption along with a new A5/3 algorithm, which is being "phased in" according to GSM Association spokesperson Clair Cranton. The point of all this effort was not just to break the code, but to bring about better security, so that breaking it would be virtually impossible.

source: NY Times via Mobile Tech Today



14 Comments

posted on 20 Oct 2010, 01:44

1. vzwman (Posts: 385; Member since: 26 Oct 2009)


First!

posted on 02 Jan 2010, 01:52

2. Trevsx1000 (Posts: 33; Member since: 08 Dec 2009)


They most certainly weren't the first to post this article! More like last!

posted on 02 Jan 2010, 03:29

3. SamTime (Posts: 253; Member since: 07 Nov 2009)


Yea PhoneArena usually always seems late to the party. And not fashionably late or running on Asian time late but hey sorry the food's gone late.

posted on 02 Jan 2010, 08:25

4. WnnaFghtAboutIt (Posts: 149; Member since: 31 Aug 2009)


How about only thing left is some fat drunk girls late

posted on 02 Jan 2010, 12:52

5. Striker13084 (Posts: 126; Member since: 30 Mar 2009)


You all are stupid! He was the first to post! Got your back VZWman

posted on 02 Jan 2010, 12:54

6. Striker13084 (Posts: 126; Member since: 30 Mar 2009)


Furthermore, yes, they are later to get stuff up because they check sources before just randomly posting bad intel!

posted on 02 Jan 2010, 16:05

7. vzwman (Posts: 385; Member since: 26 Oct 2009)


Thanks striker. BTW (for everyone else) if you don't like the way phonearena operates go somewhere else to post your lil comments

posted on 02 Jan 2010, 20:39

9. Trevsx1000 (Posts: 33; Member since: 08 Dec 2009)


Or I could pretend I'm twelve years old and it's five years ago and post "First!!" as a comment. BTW I do apologize that my sarcasm obviously did not sink in well enough before. Hopefully this comment gets the job done. Oh and phonearena is deece but they need to be ahead of the curve and the argument that they "check their sources" is a funny one just like this iPhone tethering article that was not only late but also completely dispelled as false almost a month before phonearena posted the article. I like phonearena and continue to frequent it and BGR every day but I just wish phonearena would realize that people like you and me count on them for phone info that is quick and accurate. There! (Steps off high horse) I'm not picking fights, just stating facts. http://www.phonearena.com/htmls/iPhone-data-and-tethering-can-cost-you-only-15-per-month-article-a_5983.html

posted on 02 Jan 2010, 17:03

8. Kiltlifter (Posts: 742; Member since: 11 Dec 2008)


Does anyone know the bitrate of the CDMA platform, as it is "supposed" to be way more secure than GSM in the first place. I would like to know how much more difficult it would be to hack than GSM. Just for my own curiosity.

posted on 03 Jan 2010, 01:56

10. sinfulta (Posts: 267; Member since: 11 Dec 2008)


CDMA1x / EV-DO uses the 512-bit algorithm in OTASPLCM (Over the Air Secured "Private Long Code Mask") to exchange keys between the mobile device and the Access Node-Authentication Authorization Accounting (AN-AAA) server. Both technologies utilize strong authentication key exchange protocols to ensure identity. The PLCM portion (Private Long Code Mask) is utilized by both the mobile and the network to change the characteristics of a Long code. Long code is used for voice scrambling above and beyond 512-bit encryption, which adds an extra level of privacy over the CDMA air interface. The Private Long Code Mask doesn't encrypt information, it replaces the known hacked value used in the encoding of a CDMA signal with a private value (Example like a fake code that's not real if found) known only to both the mobile and the network. So... in theory it's extremely difficult to eavesdrop on conversations without knowing the Private Long Code Mask... And even if you do... you must then get past the 512-bit encryption. The technology was developed by Qualcomm (My company).

posted on 03 Jan 2010, 02:21

11. sinfulta (Posts: 267; Member since: 11 Dec 2008)


I forgot to mention that AT&T's WCDMA network (HSPA), in the states is using 256-bit encryption where we've tested build outs of HSPA+, 128-bit encryption where there is HSPA, and is 64-bit over non-HSPA signals. So by the time someone cracks those, 3G will probably be end of life and even AT&T will be deep in 4G by then with much higher encryption. Ian Goldberg, who was the graduate student researcher and founding member for (ISAAC) at UC Berkeley, hacked the GSM 32-bit encryption signal and was able to clone devices at the end of 97/98 (can't remember exact time frame). So it took almost 11yrs to decrypt 64-bit? We have nothing to worry about. Your GSM is safe guys. :) NYTimes are idiots sometimes and talk about stuff they don't know enough about to create articles and ratings to grab readers. Because believe it or not they are hurting. Advertising for them and revenue is down over 20%. I bet you won't see them post articles about that huh? They are just trying to grab attention and readers lately. It's really sad.

posted on 03 Jan 2010, 11:51

12. *HOVA* (Posts: 564; Member since: 11 Dec 2008)


Hopefully the gems here at PA don't delete your comments again like they did in a previous article. Very informative, not sure why they did before, little troubling.

posted on 04 Jan 2010, 00:32

14. sinfulta (Posts: 267; Member since: 11 Dec 2008)


It's because when they delete a post it deletes everything with it underneath. So if they delete post #8 - Kiltlifter, then all our posts beneath get removed. It's dumb, I know.

posted on 03 Jan 2010, 12:35

13. Dood (Posts: 269; Member since: 23 Mar 2009)


Wait...so no one knew that GSM was a less secure signal? I knew that back in 2004. This time Phone Arena actually is really late in the game. hahaha.
