Privacy purists and people who worry about sensitive data on their cell phones being stolen now have a new reason for concern: Hackers have cracked the security codes for two of the world's most popular cell phone transmission standards.
Using readily available equipment that costs under $5,000, encryption specialists have shown that it is possible to intercept and decipher cell phone calls and data. Real-time listening hasn’t yet been demonstrated. But with a single PC and a couple hours of compute time, it appears any transmission over cellular networks can be hacked.
In one recent example, German cryptographer Karsten Nohl announced at a hackers' convention in Berlin last December that he and a group of security researchers had cracked the 21-year-old encryption code used to safeguard voice and information data sent using GSM technology.
GSM, or global system for mobile communications, is the most popular transmission standard in the world and is used by about 80 percent of the world's cell phones.
Nohl has released the GSM-cracking code online, but he said that his intent is only to raise awareness about the vulnerable nature of current cell network security.
The software key, or cipher, used to protect GSM conversations has remained unchanged for too long, Nohl said.
"Windows updates its security code about every month, and it's still not enough," Nohl told TechNewsDaily. "To stay ahead of the hackers, there needs to be a moving target."
GSM isn't the only cell phone standard that is vulnerable to hackers. Two weeks after Nohl's announcement, a team of cryptographers at Israel's Weizmann Institute of Science divulged a process for decrypting transmissions sent over newer 3G networks, which many experts had claimed was much more secure than GSM.
The method, which the Israeli team dubbed a “sandwich attack” due to its three-layer nature, is said to require about two hours on a single PC to perform, so it can't be used to listen in on real time cell phone calls yet.
But in a 23-page description of their methodology, the team suggested that their method could be further optimized for faster code breaking in the future.
The global GSM Association, a consortium comprised of members of the worldwide communications industry, is set to hold its Mobile World Congress convention in Barcelona, Spain later this month.
If the mobile industry is serious about improving security in light of these recent events, the talks will likely begin there. And while encryption issues aren’t featured prominently on the official agenda page for the event, cryptographers like Nohl who are working to expose the cell phone industry's security limitations argue that our mobile airwaves need improved security now.
"Operators need to focus on how to make cell phone networks easier to upgrade," Nohl said. "They're not just running behind the hackers. They're not running at all."