The Global System for Mobile communications [GSM], developed in the late 1980s, is the communications standard used by roughly 80% of the world’s cell phones. It pretty much is the standard everywhere outside North America, where other standards developed by Qualcomm, namely CDMAOne [IS-95] and CDMA-2000, are used by some significant carriers, like Verizon Wireless and Sprint PCS. GSM provides some security for communications: it authenticates the user to the network (although, in its basic version, not the other way around), and provides two stream ciphers, A5/1 and A5/2, for encrypting the voice data stream. The second of these, A5/2, is the weaker cipher, and it has been known for some time that it can be broken using a ciphertext-only attack. The A5/1 cipher, which is more secure, is the most commonly used; although it has been known for a few years that it was theoretically vulnerable to attack, the attack was thought to be impractical.
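As an added example (not the article's, nor Nohl's or any project's code), here is the A5/1 keystream generator written from its public description: three short LFSRs driven by a majority-clocking rule, keyed by the 64-bit session key Kc and the 22-bit frame number. It makes concrete what "stream cipher" means here, the voice bits are simply XORed with a per-frame keystream, and why a cipher whose entire secret state is 64 bits is considered too small by today's standards; the key and frame values used below are constructed sample values, and the code is not checked against an official test vector.

```python
from typing import List

# Register length, feedback taps, and majority-clock bit for R1, R2, R3 (public A5/1 spec)
REGS = ((19, (13, 16, 17, 18), 8), (22, (20, 21), 10), (23, (7, 20, 21, 22), 10))


def _step(reg: int, length: int, taps) -> int:
    """Clock one LFSR: the XOR (parity) of the tap bits is shifted in at bit 0."""
    fb = sum((reg >> t) & 1 for t in taps) & 1
    return ((reg << 1) | fb) & ((1 << length) - 1)


class A51:
    def __init__(self, key: int, frame: int) -> None:
        """key: 64-bit session key Kc; frame: 22-bit frame number (constructed values in tests)."""
        self.r = [0, 0, 0]
        for i in range(64):       # load the key bits LSB first, clocking every register
            self._clock_all()
            self._xor_in((key >> i) & 1)
        for i in range(22):       # then the frame number the same way
            self._clock_all()
            self._xor_in((frame >> i) & 1)
        for _ in range(100):      # 100 warm-up clocks under the majority rule, output discarded
            self._clock_majority()

    def _xor_in(self, bit: int) -> None:
        self.r = [x ^ bit for x in self.r]

    def _clock_all(self) -> None:
        self.r = [_step(x, n, taps) for x, (n, taps, _) in zip(self.r, REGS)]

    def _clock_majority(self) -> None:
        clk = [(x >> c) & 1 for x, (_, _, c) in zip(self.r, REGS)]
        maj = 1 if sum(clk) >= 2 else 0
        # only the registers whose clock bit agrees with the majority advance
        self.r = [_step(x, n, taps) if clk[j] == maj else x
                  for j, (x, (n, taps, _)) in enumerate(zip(self.r, REGS))]

    def keystream(self, nbits: int = 228) -> List[int]:
        """Output bit is the XOR of the three MSBs; 228 bits per frame, 114 per direction."""
        out = []
        for _ in range(nbits):
            self._clock_majority()
            out.append(((self.r[0] >> 18) ^ (self.r[1] >> 21) ^ (self.r[2] >> 22)) & 1)
        return out


def a51_xor(bits: List[int], key: int, frame: int) -> List[int]:
    """Encrypt or decrypt one frame's bits (same operation) with that frame's keystream."""
    return [b ^ k for b, k in zip(bits, A51(key, frame).keystream(len(bits)))]
```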
Now Technology Review is reporting that a German researcher, Karsten Nohl, has presented a proof-of-concept attack that demonstrates that interception of GSM calls, eavesdropping on voice calls, and interception of SMS (text) messages are all a practical possibility. The presentation was made at the 26th Chaos Communication Congress in Berlin.
Karsten Nohl, who has a PhD in computer science from the University of Virginia, says he demonstrated the GSM attack to encourage people to develop a more sophisticated means of protection.
Predictably, the industry association for GSM providers, the GSM Association, downplayed the importance of the announcement, saying in a statement:
All in all, we consider this research, which appears to be motivated in part by commercial considerations, to be a long way from being a practical attack on GSM.
It is true that the presentation did not cover one aspect of the attack in detail: the actual interception of the GSM radio signal. However, the researchers say that this is because publishing that type of information is illegal in some countries, and that equipment that can perform the interception is readily available.
Some experts not involved in the research said that the industry should treat this as a wake-up call to implement better encryption, which is possible within the GSM standard, before the system is routinely hacked:
“It would be a good time to start transitioning GSM systems to more advanced cryptographic algorithms,” says David Wagner, a professor at the University of California at Berkeley who was involved in work in the early 2000s that proved it was possible to break A5/1. “We should be grateful. We don’t always get advance warning that it’s time to upgrade a security system before the bad guys start taking advantage of it.”
Bruce Schneier has also dismissed the industry’s claims:
Cryptographer Bruce Schneier, chief security technology officer at BT Counterpane, dismisses the association’s claims. “Companies always deny that it’s practical,” he says. “The truth about cryptography is that attacks always get better, never worse.” While Schneier believes this work further demonstrates that GSM calls could be intercepted, he says that the recent move to use GSM for payments and authentication is “a bigger reason to be concerned about this attack.”
These interceptions are very likely to be happening already, from agencies like the NSA in the US or GCHQ in Britain. But upgrading the security of the system would seem like a very good idea, especially given the fact that mobile phones are being increasingly used for purposes beyond telephony: as part of payment systems, for example. If you are going to put a great deal of money in your safe, it is probably a good idea to put the new lock on it first. It would seem wise to bolster GSM security before making it a much more attractive target for the Bad Guys.