If you are using a GSM phone (AT&T or T-Mobile in the U.S.), you likely have a few more months before it will be easy for practically anyone to spy on your communications.
Security researcher Karsten Nohl is launching an open-source, distributed computing project designed to crack the encryption used on GSM phones and compile it into a code book that can be used to decode conversations and any data that gets sent to and from the phone.
Karsten Nohl talks about his distributed computing, open-source AE/1 cracking project at the Hacking at Random conference.
“We’re not creating a vulnerability but publicizing a flaw that’s already being exploited very widely,” he said in a phone interview Monday.
This weakness in the encryption used on the phones, A5/1, has been known about for years. There are at least four commercial tools that allow for decrypting GSM communications that range in price from $100,000 to $250,000 depending on how fast you want the software to work, said Nohl, who previously has publicized weaknesses with wireless smart card chips used in transit systems.
It will take 80 high-performance computers about three months to do a brute force attack on A5/1 and create a large look-up table that will serve as the code book, said Nohl, who announced the project at the Hacking at Random conference in the Netherlands 10 days ago.
Using the code book, anyone could get the encryption key for any GSM call, SMS message, or other communication encrypted with A5/1 and listen to the call or read the data in the clear. If 160 people donate their computing resources to the project, it should only take one and a half months to complete, he said.
Participants download the software and three months later they share the files created with others, via BitTorrent, for instance, Nohl said. “We have no connection to them,” he added.
Once the look-up table is created it would be available for anyone to use.
Source: CNET News