Wednesday, August 26, 2009
R.I.P. Security on GSM Phones
If you're on T-Mobile or AT&T in the US, you only have a couple of months until you need to begin worrying.
Cell phone security has been woefully lacking for at least twenty years, mainly due to what I describe as a Microsoft-like approach of delivering cool features first and security second, if at all.
Karsten Nohl claims that he's looking to exploit a vulnerability that's been known for 15 years and affects 3 billion phones as a way to prod cellular phone manufacturers and carriers to get serious about security.
Cracking GSM encryption is nothing new, but previously the tools have been very complex, highly technical, and pretty darned expensive. Nohl hopes to change that via his open-source project. Ah, the joys of distributed computing.
Link via CNET
Image via Silicon Valley Sleuth