GSM Decryption Published
Hugh Pickens writes "The NY Times reports that German encryption expert Karsten Nohl says that he has deciphered and published the 21-year-old GSM algorithm, the secret code used to encrypt most of the world's digital mobile phone calls, in what he called an attempt to expose weaknesses in the security system used by about 3.5 billion of the 4.3 billion wireless connections across the globe. Others have cracked the A5/1 encryption technology used in GSM before, but their results have remained secret. 'This shows that existing GSM security is inadequate,' Nohl told about 600 people attending the Chaos Communication Congress. 'We are trying to push operators to adopt better security measures for mobile phone calls.' The GSM Association, the industry group based in London that devised the algorithm and represents wireless operators, called Mr. Nohl's efforts illegal and said they overstated the security threat to wireless calls. 'This is theoretically possible but practically unlikely,' says Claire Cranton, a GSM spokeswoman, noting that no one else had broken the code since its adoption. 'What he is doing would be illegal in Britain and the United States. To do this while supposedly being concerned about privacy is beyond me.' Simon Bransfield-Garth, the chief executive of Cellcrypt, says Nohl's efforts could put sophisticated mobile interception technology — limited to governments and intelligence agencies — within the reach of any reasonably well-funded criminal organization. 'This will reduce the time to break a GSM call from weeks to hours,' Bransfield-Garth says. 'We expect as this further develops it will be reduced to minutes.'"
Wow, what an interesting way to force innovation at such a "minor" expense to the people their efforts are supposed to help. Kinda ironic their efforts have done the exact opposite of their goals... and if the past is any indication, the harm they may have just caused will be around for a while.
Most of my calls are pretty boring, so I generally don't care. Some of my calls are regarding patient information entries in a database we maintain - in which case this becomes serious.
StarTrekPhase2 - The Five Year Mission Continues!
Not that I disagree with you in principle, I always feel it's necessary to point out that encryption is nothing more than security through calculated obscurity.
There are differing levels of obscurity and differing levels of difficulty to get useful information out of the obfuscation, but in the end, it's all just security through obscurity.
Posts like your own are generally by people who don't really understand encryption in general, as such I recommend that while your post has a valid point, you try to refrain from commenting on the more technical aspects of security.
Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
He's nothing but a criminal in disguise. What did he do? He deciphered the code, he didn't find a flaw or anything else, he just figured out what the code is. Then just like all spoiled hackers who are ignored, he published it. Will normal people use the code? No, governments already know the codes so that only leaves the criminals and voyeurs. The man belongs in jail if one person loses money because of him publishing the code, it's just that simple.
Jack of all trades, master of none