Wednesday, August 26, 2009

R.I.P. Security on GSM Phones

A security researcher is launching an open-source project to crack GSM cellular phone encryption that will allow attackers to decode phone calls and any data that happens to be in transit via the device.

If you're on T-Mobile or AT&T in the US, you only have a couple of months until you need to begin worrying.

Cell phone security has been woefully lacking for at least twenty years, mainly due to what I describe as a Microsoft-like approach of delivering cool features first and security second, if at all.

Karsten Nohl claims that he's looking to exploit a vulnerability that's been known for 15 years and affects 3 billion phones as a way to prod cellular phone manufacturers and carriers to get serious about security.

Cracking GSM encryption is nothing new, but previously the tools have been very complex, highly technical, and pretty darned expensive. Nohl hopes to change that via his open-source project. Ah, the joys of distributed computing.

Link via CNET

Image via Silicon Valley Sleuth

No comments:

Post a Comment

Please tell me what you think.