22 GSM Security

GSM Cracking

The standard encryption algorithm that is supposed to protect GSM mobile telephone calls from eavesdropping has long been known to be weak. Today, the technology to crack GSM’s standard encryption algorithm is accessible even to amateurs at moderate cost. Recent public demonstrations of practical low-cost attacks on GSM’s standard A5/1 encryption algorithm have underlined just how vulnerable mobile phone calls have become.

While the cryptographic weakness of A5/1, the most widely used GSM algorithm, has been known for quite some time, the technology to exploit that weakness leapt forward in 2009.

Using so-called Rainbow Tables (a technique to precompute large parts of the calculations needed to actually break the algorithm) and the massively increased computing power of high-end graphics cards, the technology to listen in on GSM calls has actually become available to interested amateurs.
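The time-memory trade-off behind Rainbow Tables can be shown on a toy scale. The following is an added example, not code from the researchers or their project: it uses a constructed 16-bit one-way function built from SHA-256 as a stand-in for a cipher (it is not A5/1), and all names and parameters are assumptions chosen for illustration. It shows why a fixed algorithm with a small effective state space gives no protection once the precomputation exists: only the chain start and end points are stored, yet a single observed output leads back to a matching internal state.

```python
import hashlib

BITS = 16                 # toy state size (assumption); real cipher states are far larger
MASK = (1 << BITS) - 1
CHAIN_LEN = 64            # columns per chain
N_CHAINS = 4096           # number of stored (start, end) pairs

def keystream(state: int) -> int:
    """Toy stand-in for a cipher: fixed one-way map from state to output."""
    digest = hashlib.sha256(state.to_bytes(4, "big")).digest()
    return int.from_bytes(digest[:4], "big") & MASK

def reduction(output: int, column: int) -> int:
    """Column-dependent map from an output back into the state space."""
    return (output + column * 0x9E37) & MASK

def walk(state: int, first_col: int, last_col: int) -> int:
    """Advance a chain from column first_col up to column last_col."""
    for col in range(first_col, last_col):
        state = reduction(keystream(state), col)
    return state

def build_table() -> dict:
    """Precompute every chain once; keep only start points keyed by end point."""
    table = {}
    for start in range(N_CHAINS):
        table.setdefault(walk(start, 0, CHAIN_LEN), []).append(start)
    return table

def lookup(table: dict, target: int):
    """Return a state whose keystream equals target, or None if not covered."""
    for col in range(CHAIN_LEN - 1, -1, -1):
        # Guess that target was produced in column `col`, then walk to the end.
        end = walk(reduction(target, col), col + 1, CHAIN_LEN)
        for start in table.get(end, []):
            # Replay the stored chain up to `col`; the check filters false alarms.
            candidate = walk(start, 0, col)
            if keystream(candidate) == target:
                return candidate
    return None

if __name__ == "__main__":
    table = build_table()
    secret = walk(7, 0, 20)            # constructed sample: a state inside chain 7
    found = lookup(table, keystream(secret))
    print(f"stored chains: {N_CHAINS}, recovered state: {found:#06x}")
```

The table holds 4,096 start points instead of all 65,536 states; the remaining work is shifted to a short online search per observed output.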

The Rainbow Tables can be acquired from the Internet, and the necessary software-defined radio wideband receiver can be procured commercially for only a few thousand Euro. The decoding software is available as open source and is steadily improving. The current state of the proof-of-concept project was demonstrated by the researchers Karsten Nohl and Chris Paget at the 26C3 conference in December 2009 in Berlin. A video of the presentation can be watched here.