The ability to crack standard GSM cell phone A5/1 encryption has been described as worrying as it could have a profound impact on the mobile phone industry.
Speaking at the recent Hacking at Random conference in The Netherlands, Karsten Nohl detailed plans on how to crack A5/1, and make the results available for anyone to use.
His demonstration only required a radio card and top-of-the-line laptop and allowed GSM calls to be snooped and decrypted. It works by pre-generating the encryption keys used in GSM into a codebook table that can be quickly and easily looked up on the fly.
Cellcrypt CEO Simon Bransfield-Garth claimed that the development was worrying, as it marks a massive lowering of the bar for criminal organisations to illegally tap mobile phone conversations.
Bransfield-Garth, said: “Everybody has known for quite some time that a theoretical hack of GSM existed. This news means that the theoretical risk will become a very real one within the next six months. Governments have taken steps to manage the threat for years and now this is a very worrying prospect for anyone that discusses valuable or confidential information over their mobile phone.
“In our soon to be published research, undertaken amongst corporate users in the USA, 79 per cent of people discuss confidential issues by phone every few days with 64 per cent making such calls daily.”
Stan Schatt, vice president and practice director of healthcare and security at ABI Research, said: “Potentially this news could have as profound an impact on the cell phone industry as the breaking of WEP encryption had on the wireless LAN industry. When people discovered that their wireless LANs were vulnerable, it slowed the sale of equipment until an industry group (the WiFi Alliance) stepped in and came up with interim security standards.
“If people do nothing, we are likely to start to hear stories of sensitive information being compromised, acquisition information being leaked, personal financial security information being compromised, etc. We could see tales of blackmail and extortion on the rise.”
Stuart Quick, risk management specialist at Henderson Risk, said: “The recent attention given to the hacking A5/1 is no surprise. It remains a Holy Grail amongst the hacking community and is intriguing because of the associated conspiracy theories.
“It is believed that the cipher has had weaknesses engineered in to it in order to make it easier for the security services to snoop on calls and that mobile communications providers are therefore misleading or incorrectly advertising their products' level of security.”