The cat's out of the bag -- after 28 years the 64-bit A5/1 algorithm that encrypts over 3.5 billion users' cell phone traffic, has been cracked and the results published. 
Cell phone industry group calls the research "illegal"; insists that there is little threat.

For 21 years, the same encryption algorithm, A5/1, has been employed to protect the privacy of calls under the Global Systems for Mobile communications (GSM) standard.  With the GSM standard encompassing 80 percent of calls worldwide (AT&T and T-Mobile use it within the U.S.) -- far more than the leading rival standard CDMA -- this could certainly be considered a pretty good run.  However, someone has finally deciphered and published a complete analysis of the standard's encryption techniques in an effort to expose their weaknesses and prompt improvement.

Karsten Nohl, a 28-year-old German native, reportedly cracked the code and has published his findings to the computer and electronics hacking community.  Mr. Nohl, who cites a strong interest in protecting the privacy of citizens against snooping from any party, says that his work showcases the outdated algorithms' flaws.

At the Chaos Communication Congress, a four-day conference of computer hackers that runs through Wednesday in Berlin, he revealed his accomplishments.  He describes, "This shows that existing GSM security is inadequate.  We are trying to push operators to adopt better security measures for mobile phone calls."  [More...] [Comments]