The Algorithm Protecting GSM Calls Has Been Cracked

The A5/1 privacy algorithm, a code which is used to protect the privacy of about 80 percent of all mobile calls worldwide, has been deciphered and made public. It remains to be seen whether it's time to panic just yet.

The algorithm in question has been used to encrypt GSM calls since 1988, but this past week, at the Chaos Communication Congress, a four-day computer hackers' conference, an encryption specialist by the name of Karsten Nohl disclosed how he and about 24 other people cracked the code. He also revealed that the resulting two terabyte "code book" which is "a vast log of binary codes that could theoretically be used to decipher GSM phone calls" is available on various BitTorrent websites.

Whether you should begin to worry about this news depends on whom you listen to. The telephone companies are proclaiming that the A5/1 algorithm, a 64-bit binary code, will soon be phased out for its successor, the 128-bit A5/3 algorithm, and that even just a simple modification to the existing code would be enough to thwart any attempts to intercept calls.

Some security experts on the other hand are saying that the "hardware and software needed for digital surveillance were available free as an open-source product" and that this new development could "reduce the time to break a GSM call from weeks to hours."

Either way, it doesn't seem like it's time to shout about yet another breach of privacy just yet, so let's go back to focusing on crotch pat downs once again. [NY Times]

Photo by Taberna de Ingrid