The New York Times broke the story of the A5/1 cracking (A5/1 being the encryption algorithm that protects the privacy of your GSM calls) last night, prompting a media frenzy.
The story goes like this: since 1994 researchers have warned that A5/1, developed in the late ’80s, was inadequate and could be cracked easily. The GSM trade body downplayed these warnings and kept that line even after August 2009, when it was announced that an open source project was working on the codebook. Armed with that codebook, a hacker could crack a GSM conversation in minutes with less than $10k worth of equipment.
Back then the GSMA said:
“The theoretical compromise presented at the Black Hat conference requires the construction of a large look-up table of approximately 2 Terabytes – this is equivalent to the amount of data contained in a 20 kilometre high pile of books.”
“The complex knowledge required to develop such [signal-processing] software is subject to intellectual property rights, making it difficult to turn into a commercial product,” it states.
The problem is that criminal organizations will not be hindered by copyright laws.
On Sunday the rainbow tables appeared on BitTorrent, and the story is now being reported by the BBC, The London Telegraph, The Register and ZDNet, just to name a few.
However, there are misconceptions in some reports:
“the new security standard, A5/3, will protect your calls”
- The GSMA claims that moving to A5/3 will solve the problem, which is misleading. Switching off A5/1 is also necessary, which effectively renders all phones manufactured before 2007 useless, because those do not support the new encryption algorithm.
“GSM hops frequency makes it secure”
- GSM frequency hopping was never a security measure, nor is it an obstacle to this attack; it was designed to avoid interference (in military systems frequency hopping is a security measure, but there it happens thousands of times per second).
“My phone calls are boring and worthless”.
- This is not just about listening to phone calls but also about interfering with all applications that use GSM to operate (think email and banking), as well as toll fraud and denial-of-service attacks. If your calls are boring, how about a hacker turning your phone into a useless brick?
“CDMA is safe”
- GSM is vulnerable to this attack and CDMA is not. However, CDMA’s ciphers are weaker than the ones just cracked. The reason no one has attempted it is that GSM has the lion’s share of the cell phone market, with 80% of all calls. You have to assume that criminal organizations can access CDMA calls. Moreover, CDMA operators are moving to LTE, which is based on GSM.
“The NSA was always able to listen to calls”
- This misses the whole point. Law enforcement agencies were always able to perform wiretaps in the telephone networks. What the A5/1 announcement means is that criminal organizations and foreign entities can now listen to calls as well.
At the time of this writing the top story on the GSMA website is ‘Duran Duran to Headline at the GSMA’s Mobile World Congress Awards Party’.