The cracking of GSM encryption by 28-year-old German security expert Karsten Nohl has sent shock waves through the wireless industry. But the crack should come as no surprise to an industry that has long given short shrift to security, an analyst says.
Nohl — working with others around the Internet — has created a guidebook for cracking the Global System for Mobile communication’s 64-bit A5/1 algorithm, which was adopted in 1988. 3G networks use 128-bit encryption to protect caller privacy and the new A5/3 algorithm is being “phased in,” GSM Association spokesperson Claire Cranton said.
Nohl said the message from the cracking effort is “to have better security, not ‘We want to break you.’ The goal is better security. If we created more demand for more security, if any of the network operators could use this as a marketing feature … that would be the best possible outcome.”
High Crime or High Time?
“Being security researchers, one thing we can do — and what we choose to do in this case — is to show how it can be done,” he told the Associated Press. The revelations are aimed at pushing the industry’s adoption of 128-bit encryption, which would be “one quintillion times more difficult” to crack.
Cranton spoke with outrage about the release of the guidebook, saying “this activity is highly illegal in the U.K. and would be a serious RIPA offense, as it probably is in most countries.” She referred to Britain’s Regulation of Investigatory Powers Act, which governs the interception of user logs and e-mails of suspected criminals by security and intelligence agencies.
But it should come as no surprise that the algorithm was broken, Andrew Storms, director of security operations for nCircle, said in an e-mail. “The variable of any encryption is time. One only needs to ensure the encryption is strong…