German security researcher cracks A5/1 encryption portion of GSM

Global System for Mobile Communications

Presenting a new research project pertaining to the unveiling of a GSM - Global System for Mobile Communications - encryption codebook at a conference in Berlin, German security researcher Karsten Nohl demonstrated a cheap and easy way for overhearing calls on a GSM-based mobile phone.

Largely focusing on a technique whereby the A5/1 encryption portion of GSM can be attacked for listening in on cellular calls, the foundation of Nohl's work rests on the creation of a so-called "rainbow table" that can be used to reconstruct the encryption keys.

By and large, the security of the GSM communications essentially results from a combination of encryption and obscurity. Though the standard encryption involves a 64-bit algorithm called A5/1, some 3G networks use a newer, 128-bit version called A5/3.

Going by the history of academic research on the GSM encryption, there have been indications that it is at risk of various attacks, even though none of these attacks have been used in the wild thus far.

While the initial encryption-cracking effort reported by Nohl and his team has not made a significant impression, it has notably lowered the bar for the expenditure as well as technical expertise required for cracking GSM encryption.

Furthermore, the researchers have highlighted the fact that the somewhat obsolete GSM encryption needs an upgrade; and that the carriers should consider security as a pertinent issue.