December 31, 2009 in Nation/World

Group posts guide to break cell encryption

It claims it’s a call to improve security
Matt Moore Associated Press
 

FRANKFURT, Germany, – A German security expert has raised the ire of the cell phone industry after he and a group of researchers posted online a how-to guide for cracking the encryption that keeps the calls of billions of cell phone users secret.

Karsten Nohl, 28, told the Associated Press this week that he, working with others online and around the world, created a codebook containing how to get past the GSM standard encryption used to keep conversations on more than 3 billion mobile phones safe from prying ears.

Nohl said the purpose was to push companies to improve security. The collaborative effort put the information online through file-sharing sites.

“The message is to have better security, not we want to break you,” he said.

GSM, the leading cell phone technology around the world, is used by several wireless carriers in the U.S., with the largest being AT&T Inc. and T-Mobile USA. Verizon Wireless and Sprint Nextel Corp. use a different standard.

The GSM Association, a trade group that represents nearly 800 wireless operators, said it was mystified by Nohl’s rationale.

Claire Cranton, a spokeswoman for the London-based group, said that “this activity is highly illegal in the U.K.”

It has already been possible to intercept GSM calls, but the equipment is generally only available to law enforcement.

Regular wiretapping of cellular calls is also possible, since they travel unencrypted over standard wiring after being picked up by a cell tower.

Even with Nohl’s exploit, expensive and sophisticated radio equipment placed close to the target is required to pull the calls off the air.

© Copyright 2009 Associated Press. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.

Get stories like this in a free daily email


Please keep it civil. Don't post comments that are obscene, defamatory, threatening, off-topic, an infringement of copyright or an invasion of privacy. Read our forum standards and community guidelines.

You must be logged in to post comments. Please log in here or click the comment box below for options.

comments powered by Disqus