Everybody panic: GSM algorithm cracked. This is not a repeat of 2008…2003….

For the next few weeks be afraid, very afraid. Karsten Nohl, an encryption expert with PhD. in computer engineering from the University of Virginia has successfully cracked the algorithm that secures the billions of calls that populate the GSM airwaves around the world each and everyday. What does it mean? On the surface it shows that the GSM technology may be ready for another security update as listening in on wireless GSM calls just became a tad easier.

As tempting as it is however, resist the urge to stockpile vast amounts of precious resources for the world isn’t going to end quite yet. While the algorithm has technically been cracked, there are many more things that go into intercepting, decoding and actually listening in on “stolen” phone calls. Many of those other “things” mind you are copyrighted products and services that ordinary citizens don’t exactly have easy access to. Then again, the code book (more on that in a second) and necessary tools to get the ball rolling come in several open source forms.

How exactly was GSM cracked (again)? Brute number crunching actually. Mr. Nohl along with the help of roughly 24 other (some of the individuals included are members of the “Chaos Computer Club” [Berlin]) team members worked together to generate the massive amount of possible algorithms into one (very) large book. This code book of sorts holds over 2 terabytes of data in the form of binary codes that in theory can be used to hack into GSM phone calls. As highlighted earlier however, their are several pieces of equipment and software applications needed to bring together all the bits and pieces.

Is the world in inherent danger? It’s not as bad as it sounds really. Sure someone could hack into a GSM network with the book of provided codes. But according to the GSM, a simple alteration of the algorithm would render the entire code book useless. Still, for a technology that was created in 1988 and hasn’t really gone through many security revisions, this may signal a growing need for the aging 2G technology.

It may surprise you however to know that an update to the underlying security for GSM technology is already available. You see, when GSM/2G technology was first launched, it was based on a 64-bit binary code called the A5/1. 3G networks since inception have used a higher security 128-bit code. But in 2007, an updated A5/3 GSM algorithm was released — only few cellular operators have chosen to upgrade to the newer, more secure algorithm. This recent re-hacking just goes to show that you can never fall asleep at the wheel when security is concerned.

To recap, the world is not going to end and our phone calls aren’t going to become a library for hackers to pick and choose as the please. Though given enough determination and the right tools and skills, such information — especially now that it’s public domain and freely available — means that cellular providers should at least think about beefing up security.

What do you say?

Boing Boing > NYT