Monday, December 28, 2009

GSM Crypto Code Broken

For over 20 years, up to 80% of the world's phone calls made on cellular phones have relied on the GSM algorithm for protection.

Now comes word that a German computer engineer claims to have broken the code, part of his broader effort to demonstrate how insecure wireless systems are around the globe.

Karsten Nohl detailed his achievement at the Chaos Communication Congress in Berlin. 64-bit encryption? Hey, cellular phone providers - are you freaking kidding me?

Back in August 2009 I wrote the GSM algorithm's epitaph when I first learned that Nohl launched his open-source project to crack GSM cellular phone encryption.

Karsten Nohl claims that he's looking to exploit a vulnerability that's been known for 15 years and affects 3 billion phones as a way to prod cellular phone manufacturers and carriers to get serious about security.

Cracking GSM encryption is nothing new, but previously the tools have been very complex, highly technical, and pretty darned expensive. Nohl hopes to change that via his open-source project. Ah, the joys of distributed computing.

Less than 5 months later, Nohl is claiming success. Imagine what groups motivated by financial gain, such as Russian organized crime syndicates or Chinese hackers, will do with this ability.

Even more frightening is what these cartels may have already achieved. The days when we could consider security as secondary to killer features and functionality are gone.

If you're not planning six steps ahead, you're already three steps behind.

Via ZDNet



No comments:

Post a Comment

Please tell me what you think.