Slashdot Mirror

← Back to Stories (view on slashdot.org)

NSA Able To Crack A5/1 Cellphone Crypto

Posted by timothy on from the keith-alexander-huffs-righteously dept.

jones_supa writes "The most widely used cellphone encryption cipher A5/1 can be easily defeated by the National Security Agency, an internal document shows. This gives the agency the means to intercept most of the billions of calls and texts that travel over radiowaves every day, even when the agency would not have the encryption key. Encryption experts have long known the cipher to be weak and have urged providers to upgrade to newer systems. Consequently it is also suggested that other nations likely have the same cracking capability through their own intelligence services. The vulnerability outlined in the NSA document concerns encryption developed in the 1980s but still used widely by cellphones that rely on 2G GSM. It is unclear if the agency may also be able to decode newer forms of encryption, such as those covered under CDMA."

6 of 122 comments (clear)

  1. This is why... by Anonymous Coward · · Score: 5, Funny

    I only speak in Navajo.

  2. Don't Worry they Built it that Way by Anonymous Coward · · Score: 5, Insightful

    The NSA has maintained a policy that any encryption that was able to block their efforts was ILLEGAL in the USA. Do you actually expect anything to work? Bluntly do you expect to have your banking transactions secure when they can crack them. How about your phone call confirmations when they can record them and appear to be you. How about a hacker who walks into the NSA back-door in all of this. This makes the NSA the biggest terrorist and criminal agents in the world and the accomplace to the stunningly biggest crime situation in history where nobody is secure!

  3. And this is news? by Anonymous Coward · · Score: 5, Informative

    Hardly rocket science these days, see e.g.https://srlabs.de/decrypting_gsm/

  4. So what? by Guppy06 · · Score: 5, Insightful

    My mobile carrier is AT&T. The NSA doesn't need to break the encryption.

  5. Re:Hysterics by cianduffy · · Score: 5, Informative

    A5/1 is not the export cipher - that's A5/2.

  6. VoIP + ZRTP by mrchaotica · · Score: 5, Informative

    I haven't tried it out yet, but ZRTP apparently provides strong (PGP-based) encryption for VoIP. So why not just quit using cellphone "voice calls" entirely? There exist cellphone plans that provide enough data cheaply enough to make this work economically.

    --

    "[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz