Your GSM security code can be hacked in a second

CIOL Bureau

NEW DELHI, INDIA: If you thought your conversations over mobile phones were secure, you had better get rid of that notion. According to an expert, it is possible to intercept the wireless network of GSM operators in less than a second and listen to all calls being transmitted from a base transceiver station (BTS), as GSM networks are virtually not secure.


“There are zero per cent secure GSM network and 40 per cent secure mobile phones,” said German scientist Karsten Nohl, who is a security researcher at Virginia University, in a telephonic conversation with CIOL.

“GSM network security had been relying on a 20-year-old encryption code, A5/1. The computing power available today is capable of breaking the A5/1 encryption code. Even the computing power of a PlayStation can break this encryption code,” he added.

Last week, at the Chaos Communication Congress in Berlin, which is also the largest hacker conference in Europe, Nohl demonstrated the vulnerability of GSM networks by cracking the encryption code that is used to protect GSM mobile conversations from being overheard.


During the interaction, Nohl elaborated that a person will need to spend only $30,000 on a few computing devices to decrypt the A5/1 encryption code in a second. It is also possible to do this using a single CPU whose computing power is enhanced with a bunch of FPGA chips.

“Earlier it was said that to break A5/1 encryption one will need to make a large investment, but we have shown that it can also be done by using a single computer built on an Intel or AMD processor with a graphics card, but it will take a few minutes, around 8-10 minutes,” added Nohl.

He said a single computer with 64 FPGA chips can also decrypt the code in a second but it will cost around $100,000.


A distance of a kilometer is sufficient for an interceptor to decrypt the security code in the calls being transmitted from a BTS. This will only intercept the call coming from one direction. To decrypt calls coming from both directions, the interceptor will have to be within a distance of 100 metres from the person making the call. Vulnerability of a call increases once it crosses a BTS.

Nohl also pointed out that text messaging applications used for banking and financial services are also vulnerable to this breach of security. According to him, even the security solutions presently available for mobile phones are not capable of detecting this kind of security leak.

“There are two kinds of attacks made - active and passive. Active attacks can be detected but at present I am not aware if anyone is checking those attacks. But it is not possible to detect passive attacks. To detect passive attacks, security needs to come from the network,” said Nohl.


During his research, Nohl had come across a number of bugs. He found that the codes are being broken in India and China as well.

“The devices are present in India and people are unethically and illegally bugging phones of subscribers there.”

Nohl mentioned that new networks like CDMA, 3G and 4G are using A5/3 encryption code, which are rather safe.


“At present, the encryption code of the new networks is safe. CDMA is a new technology. At present it is safe but I cannot say exactly how safe it is,” said Nohl.
