Two enterprising researchers claim to have figured out a way to eavesdrop on calls made using GSM mobile phones, cracking open its much-vaunted encryption.
According to David Hulton and Steve Muller, who presented the technique at the Black Hat security conference in Washington DC this week, GSM calls can now be recorded over long distances and cracked open in half an hour using only $1,000 (£500) worth of FPGA (field-programmable gate array)-aided computer equipment and a frequency scanner.
Although GSM's 64-bit A5 stream cipher has been theoretically vulnerable for some time, this is the first time anyone has demonstrated a way of doing it without investing in expensive, specialised equipment and taking years.
According to Hulton, spend $100,000 (£50,000) on hardware and the crack can be done in only 30 seconds using massively parallel processing technology. His company, Pico Computing, is now developing the fast version to sell to agencies such as law enforcement, but plans to give away the slower version for free.
GSM is used all over the world by mobile phone companies, and is used in the US by several networks where the A5/1 cipher was adopted from Europe. It is considered to be secure enough that even criminals use it, simply cycling phones to avoid the theoretical risk of being tracked.
The 'attack' depends on exploiting a vulnerability in the way GSM sets up calls. Assuming an attacker was able to find out a phone's mobile subscription identification number and built-in hardware ID - garnered by sending a text message to that phone say - they would have enough information to isolate calls from that phone.
Because networks set up some frames of the call security exchange using the same plain text scheme, throw enough hardware at the problem and the encryption can be forced open by using mathematical tables. "If we know the plain text, we can derive exactly what is coming out of A5," Hulton was quoted as saying at the presentation by sources.
The clever bit appears to be the way the pair have managed to reduce the theoretically huge size of these tables for 64-bit encryption to a manageable size, harnessing processing power to do the rest.
Sceptics will wait for proof that GSM really can be hacked using the equipment and costs cited. Such hacks are certainly not new. The A5/1 cipher has been pulled apart over the years by a number of crypto super-notables, including David Wagner, Ian Goldberg, Alex Biryukov and Adi Shamir. Indeed cracking GSM has almost become a sport for some, most notably an Israeli crack of 2003.
The mobile phone of hotel heiress and celebrity Paris Hilton suffered a security breach back in 2005 and hackers posted her mobile phone address book on the web.