Security experts seem to be taking seriously the threat of hackers cracking standard GSM cell phone encryption.
At the recent Hacking at Random (HAR) conference, held from 13-16 August, Karsten Nohl detailed plans for cracking standard GSM cell phone encryption, known as A5/1, and making the results available for anyone to use. You can see a PDF of his presentation here.
Now Mobile Europe has been contacted by Cellcrypt, whose CEO Simon Bransfield-Garth, said, "Everybody has known for quite some time that a theoretical hack of GSM existed. This news means that the theoretical risk will become a very real one within the next six months. Governments have taken steps to manage the threat for years and now this is a very worrying prospect for anyone that discusses valuable or confidential information over their mobile phone.”
“In our soon to be published research, undertaken amongst corporate users in the USA, 79% of people discuss confidential issues by phone every few days with 64% making such calls daily.”
Cellcrypt had also lined up some quotes from other members of the industry warning what the effects could be.
Stan Schatt, Vice President and Practice Director, Healthcare and Security at ABI Research, commented, “Potentially this news could have as profound an impact on the cell phone industry as the breaking of WEP encryption had on the wireless LAN industry.”
And Stuart Quick, risk management specialist at Henderson Risk Limited, commented, “The recent attention given to the hacking A5/1 is no surprise. It remains a Holy Grail amongst the hacking community and is intriguing because of the associated conspiracy theories. It is believed that the cipher has had weaknesses engineered in to it in order to make it easier for the security services to snoop on calls and that mobile communications providers are therefore misleading or incorrectly advertising their product’s level of security.”