Researchers Crack GSM Cell Phone Security

Dennis Faas's picture

Hackers could soon be listening to your cellphone call. That's the word from the Chaos Communication Conference in Berlin, an annual get-together for hackers.

Cryptographers at the conference say they've been able to crack a code that, on a normal day, prevents the interception of mobile phone calls by forcing those phones to consistently change frequencies across a list of about eighty channels.

Since those not working for a cellphone company would have an almost impossible time knowing the sequence of this frequency change-up, hackers usually have no way of intercepting more than a few seconds of a phone call.

Cryptographers Crack GSM Code

That's changed, says 28-year-old cryptographer Karsten Nohl. Cryptographers were recently able to crack the code and went so far as to post it on the Internet, in hopes that cellphone companies would recognize that the algorithm they've been using is not only vulnerable, but unsustainable.

"We now know this is possible," said Nohl at the Berlin conference. Attacks are "practical," and "there are real vulnerabilities that people are exploiting." (Source:

The GSM Association, which represents about eight hundred operators in over two hundred different countries, has allegedly been aware of this kind of code hack but says it hasn't yet seen the research.

It remains skeptical. "GSM networks use encryption technology to make it difficult for criminals to intercept and eavesdrop on calls," noted a GSM spokesperson, who added, "...this is theoretically possible but practically unlikely."

Crack Complex, but Certainly Troubling

Reports suggest the GSM was actually well aware of the possible code hack back in August but dismissed the threat since it is, in fact, extremely complex and difficult to pull off. That's true; it took Nohl and twenty-four volunteers months to develop a code comprised of 2,000 gigabytes of information and capable of cracking the GSM's algorithm.

Despite the crack's complexity, Nohl's announcement has many in the tech world -- and beyond -- very worried. "Organizations must now... assume within six months their organizations will be at risk," noted Stan Schatt, VP of healthcare and security at ABI Research. (Source:

For its part, the GSM plans to move to a new, more robust algorithm soon -- but perhaps not soon enough. Thus far, no timetable has been set for a change that is steadily becoming critical.

| Tags:
Rate this article: 
No votes yet