AOA Forums

AOA Forums (
-   Data Security (
-   -   After 21 Years, GSM Encryption is Cracked Putting 3.5B Users at Risk (

Daniel ~ 31st December, 2009 07:54 PM

After 21 Years, GSM Encryption is Cracked Putting 3.5B Users at Risk
Written by Daniel
Thursday, 31 December 2009 18:48

The cat's out of the bag -- after 28 years the 64-bit A5/1 algorithm that encrypts over 3.5 billion users' cell phone traffic, has been cracked and the results published. [Front page...]

Aedan 4th January, 2010 05:37 PM

A5/1 is one of several algorithms used to protect speech on a GSM network. One other alternative is A5/3, which uses 128bit encryption. Incidentally, A5/3 is already used to protect GPRS traffic (data, rather than voice).

However, GSM has some serious design deficiencies that mean it's not really suitable for secure communications. For example, GSM requires a mobile phone to authenticate to the network before it can operate. There's no provision for the network to authenticate to the mobile phone, so you have no idea who's network you're actually connected to. That could well be an easier attack than breaking the encryption used.

UMTS (3G) uses a different cipher, and currently stands up to cryptoanalysis. Ultimately, it is a matter of time before a form of encryption is broken. An attack that takes 100 years with this year's hardware will only take 50 years with next year's hardware.

The A5/1 encryption used has survived pretty well, given how much more powerful computers are now than they were 21 years ago. 21 years ago, the 8086 was just about around, as was the 68000.

danrok 4th January, 2010 06:30 PM

I would have thought cordless landline phones are the real weak link?

And, just about everyone uses cordless phones now.

All times are GMT +1. The time now is 02:37 PM.

Copyright ©2001 - 2010, AOA Forums

Search Engine Friendly URLs by vBSEO 3.3.0