Is it easy to monitor mobile phone calls? Weaknesses revealed in GSM
Every year since 1984, there has been an interesting convention in Germany. The annual Chaos Communication Congress is a meeting of international hackers, who convene to share information, listen to lectures and attend workshops. This year one of the speakers, a German encryption specialist, has really put the wind up the mobile scene - by claiming to have completely broken through the encryption code that keeps mobile calls on GSM networks safe from monitoring.
He did what, now?
As first reported in the New York Times, Karsten Nohl is a 28-year-old computer engineer and encryption expert who has a habit of testing systems to destruction. He then makes recommendations on how those systems can be strengthened. In the case of GSM, it seems that networks all over the world will need to make serious upgrades to their encryption. The current standard being used is called A5/1 - and it was state-of-the-art when it was developed twenty years ago. But modern hackers will be able to make short work of this encryption algorithm, according to Nohl.
Back in August, Nohl asked for volunteers to help him prove that A5/1 is inadequate. It took them 5 months, but they claim to have proven that any reasonably well-funded criminal organisation could pretty much skip past the security measure whenever it wants. The GSM Association (GSMA) is brushing these claims off, saying that the process will still be a lengthy and costly one. But seeing as Europe basically runs on GSM networks, and some of America's biggest carriers (including AT&T and T-Mobile) run on it, this certainly merits more than just the cold shoulder from the GSMA.
What do we think?
It seems to me that the GSMA is burying its head in the sand on this issue. This isn’t the first time that weaknesses inherent in A5/1 have been pointed out. Successful attacks have been carried out on the system as far back as 1997. In fact, a more secure replacement called A5/3 was developed in the early 2000s to replace A5/1 - but most operators neglected to upgrade as it was too expensive.
But I have to admit that I strongly doubt this news will cause anyone to beef up their security. I really hope they do, but I doubt it. Many operators are looking to step up from GSM to LTE or WiMAX networks at this point - and these 4G networks are designed around the same technology curve as GSM.








Few slips there. According to Nohl, whom I interviewed a couple of months ago for my magazine Global Telecoms Business, 3G and 4G have entirely different — and vastly more secure — encryption. The problem is limited to 2G, which is now 20 years old. That’s still a problem, as most of the billions of phones in the world are 2G. See my article at http://bit.ly/8Js3Tl
Hi Alan,
Thanks for the comment. If more advanced networks won’t suffer from weaknesses in A5/1, then it explains why operators aren’t bothered upgrading.