Advertisment

GSMA to review security hack

author-image
CIOL Bureau
Updated On
New Update

BANGALORE, INDIA: Mobile industry body the GSMA this week plans to review a claim by German computer engineer Karsten Nohl that he deciphered and published the algorithm used to encrypt GSM-based voice calls.

Advertisment

The security fears have grow after German computer engineer unravels algorithm protecting 80 per cent of world's mobile calls.

The GSMA director of media relations said that the GSMA security group will likely meet on Tuesaday or Wednesday. <Nohl's claims> will be on the agenda, and they will review what has been said," said Claire Cranton.

She told Total Telecom that the GSMA security group includes representatives from mobile operators, and meets during the first week of every month.

Advertisment

"Mobile security is not something we take lightly," she said.

Cranton's comments follow claims by encryption expert Karsten Nohl that he was able to unravel the GSM A5/1 privacy algorithm – a binary code used to protect mobile phone conversations from eavesdroppers – that was first adopted in 1988.

Nohl revealed his achievement during last week's Chaos Communication Congress in Berlin, a four-day event aimed at computer hackers that was attended by roughly 600 people.

Advertisment

His claims are cause for concern since over 80% of the world's 4.3 billion mobile connections use GSM technology.

"The primary goal is to improve the security of GSM. We have given up hope that network operators will move in that direction on their own," said Nohlm, in a report by the Financial Times.

 

Advertisment

"The GSM network has been overhauled many times, and I am puzzled that these upgrades have not improved security," he said.

The GSMA was quick to pour cold water on Nohlm's claims.

"The claims are more theoretical, rather than practical," said Cranton.

Advertisment

"We were told there was going to be a demonstration in Berlin, but it didn't materialise. I think you need to look at the motivation behind claims like this - they're usually not altogether altruistic and we think they might have some commercial interests," she said.

Cranton pointed out that the GSMA has already adopted an updated algorithm – A5/3 – designed to address its predecessor's weaknesses.

"This isn't the first time cracking the GSM's call encryption has been claimed; it's something we know about," she said.

Advertisment

She also said that the A5/1 algorithm will be rendered obsolete as the Security fears grow after German computer engineer unravels algorithm protecting 80% of world's mobile calls.

industry moves to 3G LTE and 4G technologies.

However, Cranton conceded that most telcos still use the older A5/1 algorithm, and it's up to operators and vendors to decide whether to invest in an upgrade to A5/3. She declined to speculate on the cost of upgrading.

"The cost will depend on the make and age of the equipment they are using," and it's something that telcos will need to evaluate themselves, she said.

Advertisment

News of Nohl's breakthrough spread quickly last week, with some industry observers claiming that it could pave the way for the development of practical GSM eavesdropping tools.

"Organisations must now take this threat seriously and assume that within six months their organisations will be at risk unless they have adequate measures in place to secure their mobile phone calls," said Stan Schatt, vice president for health care and security at ABI Research, in a report by the New York Times.

Yet the GSMA remains unconvinced.

"We strongly suspect that the teams attempting to develop an intercept capability have underestimated its practical complexity," said the GSMA, in a statement emailed to Total Telecom.

"A hacker would need a radio receiver system and the signal processing software necessary to process the raw radio data. The complex knowledge required to develop such software is subject to intellectual property rights, making it difficult to turn into a commercial product."

(Nick Wood, Totaltelecom)

tech-news