An algorithm which mobile phones and communication networks use to keep 80% of worldwide conversations secure has been cracked by a team of German computer scientists, and details have been posted online.
BBC Technology and The New York Times have reported on Karsten Nohl and his group of five colleagues, who have dedicated the last five months of their lives working to decode the way in which GSM mobile phone networks protect the conversations that their customers have. The encryption method was created by the GSM Association – and now that Nohl has cracked it, the opportunity for criminals to use it to illegally tune into telephone conversations is suddenly much more possible.
The GSM Association, however, have said that the work of Nohl and his team is highly illegal in many countries around the world, but, according to Nohl, his lawyers have informed him that what he is doing is within the law. He says that all he was trying to do was highlight the “vulnerability” of this type of encryption on mobile networks.
However, this method has been used for twenty-two years, and Mr. Nohl says that he wants to “crack” the code at the Hacking at Random conference in August 2010, an annual multi-day event hosted in The Netherlands. He told the BBC that his reason for doing this was to add “pressure” to researching other methods of encryption, therefore making mobile telephone networks more secure. You can find the information as to how Nohl and his team decoded the encryption in the article by the BBC and you can find more information at this article by The New York Times.
I’m not entirely sure how I feel about this revelation. In some ways, it is a total breach of security and it upsets me that group of people have worked together to crack an algorithm which will endanger my private conversations. I don’t understand it fully: if these scientists care so much about security of telephone networks, why release this information publicly. Why would they not go directly to the organizations responsible for encryption – and then there could be work carried out to upgrade the security without allowing criminals a method to carry out fraud and eavesdropping.
In a different light, however, I am happy the Nohl has shone a spotlight on an important area of security which, if now can be decoded, should certainly be upgraded and made stronger – regardless of in which manner he has done it. I eagerly wait to see what comes of this story?
What do you think? Are you upset that this revelation has been made? Do you think organizations need to do more to encrypt our telephone calls? Is Mr. Nohl doing the right thing? Are you afraid this may endanger your personal information? Please let us know, in a comment.