German Hacker Cracks GSM Call Encryption Code
A German computer boffin has worked out a way to crack code used to encrypt most of the world's mobile Internet traffic. Karsten Nohl is going to publish a guide to prompt global operators to improve their safeguards.
Karsten Nohl and his team of 24 hackers began working on the security algorithm for GSM (Global System for Mobiles) in August.Developed in 1988, the system prevents the interception of calls by forcing phones and base stations to change frequencies constantly. Most of the UK's mobile phones use the GSM system and the breach represents a potential threat to the security of mobile phone communication.
The discovery of a way to eavesdrop so-called General Packet Radio Service (GPRS) technology allows a user to read emails and observe the Internet use of a person whose phone is hacked, said Karsten Nohl, head of Security Research Labs."With our technology we can capture GPRS data communications in a radius of 5 km," he told the paper before heading to a meeting of the Chaos Computer Club, a group that describes itself as Europe's largest hacker coalition.
Nohl, who has a doctorate in computer engineering from the University of Virginia, insisted his work was purely academic. "We have written advice from our lawyers stating that our research is within the legal realm," he said. "Obviously the data we produce could of course be used for illegitimate purposes."
His modified phone was used to test networks in Germany, Italy and other European countries. In Germany, decrypted and read data transmissions on T-Mobile, O2 Germany, Vodafone and E-Plus. This was pretty easy because the level of encryption was weak.
Nohl, makes his cash working for mobile operators who hire him to detect vulnerabilities in their systems. He said that many operators run unencrypted data networks because it allows them to more easily filter out competing, unwanted services like Skype.
Karsten Nohl and his team of 24 hackers began working on the security algorithm for GSM (Global System for Mobiles) in August.Developed in 1988, the system prevents the interception of calls by forcing phones and base stations to change frequencies constantly. Most of the UK's mobile phones use the GSM system and the breach represents a potential threat to the security of mobile phone communication.
The discovery of a way to eavesdrop so-called General Packet Radio Service (GPRS) technology allows a user to read emails and observe the Internet use of a person whose phone is hacked, said Karsten Nohl, head of Security Research Labs."With our technology we can capture GPRS data communications in a radius of 5 km," he told the paper before heading to a meeting of the Chaos Computer Club, a group that describes itself as Europe's largest hacker coalition.
Nohl, who has a doctorate in computer engineering from the University of Virginia, insisted his work was purely academic. "We have written advice from our lawyers stating that our research is within the legal realm," he said. "Obviously the data we produce could of course be used for illegitimate purposes."
His modified phone was used to test networks in Germany, Italy and other European countries. In Germany, decrypted and read data transmissions on T-Mobile, O2 Germany, Vodafone and E-Plus. This was pretty easy because the level of encryption was weak.
Nohl, makes his cash working for mobile operators who hire him to detect vulnerabilities in their systems. He said that many operators run unencrypted data networks because it allows them to more easily filter out competing, unwanted services like Skype.
