By Niraj Sheth and Vanessa Fuhrmans
Wall Street Journal
December 29, 2009
A German hacker claims to have cracked the encryption that protects most cellphone calls, potentially paving the way for others to eavesdrop on conversations.
The claim, if true, could pose a threat to many wireless carriers who have used essentially the same security on their networks for years.
The hacker, Karsten Nohl, says he and a small team broke the encryption code for networks on GSM technology, which makes up more than 80% of the world’s cellular networks, to show how vulnerable they are and to make carriers more serious about security. He is expected to demonstrate Wednesday.
In the U.S., AT&T Inc. and Deutsche Telekom AG’s T-Mobile run on GSM technology. Rivals Verizon Wireless, a joint venture of Verizon Communications Inc. and Vodafone PLC, and Sprint Nextel Corp. operate on a competing technology called CDMA. An AT&T spokesman declined to comment. A spokesman for Deutsche Telekom said it is in the midst of upgrading to a new encryption algorithm as part of an overall upgrade of its German network. He declined further comment.
The GSM Association, based in London and responsible for coordinating GSM encryption around the world, said it has been monitoring the research of Mr. Nohl’s team. His group’s work seems to be a long way from practical attack capability and appears to be “motivated in part by commercial considerations,” a GSMA spokeswoman said. His team made its first claim that it could crack the code in 2007 and again earlier this year, she said. In the meantime, the association has developed an new-generation algorithm it says further enhances privacy protection and has urged the mobile-network industry to adopt it.
Mr. Nohl has published data online that he says is key to undoing encryption protecting phone calls. The size of the data and the computing power needed mean hackers likely won’t be able to eavesdrop on conversations at will, analysts say. Instead, they would have to be selective about which calls they try to break. “It’s likely going to be used for the corporate-espionage kind of thing,” says Stan Schatt, a security analyst at ABI Research. “In practical terms, it means hanging out in the parking lot of Google or somewhere and targeting executives with cellphones.”
Most companies don’t have enhanced security measures for cellular calls like they do for laptops or mobile email, Mr. Schatt says. While third-party encryption systems exist, the difficulty is that adding more security means that all people on a phone conversation need to have the same security enhancements.
In an interview, Mr. Nohl said the security loophole has been exploited for years by criminals using technology that previously cost several hundred thousand dollars. Mr. Nohl, who has a doctorate in computer science from the University of Virginia and works as a McKinsey consultant, said his research has “made it much cheaper to hack into mobile-phone networks.” A so-called white-hat hacker, he says he took on the project for academic reasons only and has no intentions of eavesdropping on calls himself.
Mr. Nohl says the security loophole is primarily a danger for people who deal regularly with confidential information. However, “the threat to the privacy of cellphone users is steadily increasing,” Mr. Nohl said.
Mr. Nohl says mobile-phone operators could implement technolgical solutions to increase security but the technology is expensive. “Technology to increase security provides an expensive fix to replace otherwise efficient technology,” Mr. Nohl said.
Mr. Nohl said he hopes his research will motivate telephone companies to update their technology. He says he doesn’t fear a lawsuit from from phone companies. “Everything we do is withing the framework of academic research,” he said.
—Archibald Preuschat and David Crawford contributed to this article.