Guest tsutton Posted August 26, 2009 Report Share Posted August 26, 2009 Huge GSM flaw allows hackers to listen in on voice calls Seems that someone has found a flaw with the GSM encryption, which is used on mobile phones all over the world during the Hacking at Random (HAR) conference in Netherlands. So bad, they are saying it's a "massive flaw".Recently at the Hacking at Random (HAR) conference, held in the Netherlands, Karsten Nohl detailed plans for cracking standard GSM cell phone encryption, known as A5/1, and will be making the results available for anyone to use. GSM stands for Global System for Mobile communications and is the most commonly used cell phone standard in the world, and is used in Europe, Africa, Asia, New Zealand, Australia, America and Canada. The GSM flaw is massive and would affect not only businesses but individuals also as once the hack is complete it means anyone with a $500 radio card and a laptop will be able to listen in to GSM calls, making it easier for criminals to obtain personal data and making listening in on normal voice calls a real and everyday threat. It also mentioned that it has been "known" since 1994, but wasn't actually found by someone until now. This is a bit worrying. Hopefully this is being looked at soon, or get the telecoms to move over to the newer technology which doesn't have this flaw. Thankfully I don't do online banking on my phone, but I'm not sure about other people who does that. Do you think this is being overhyped? Or is this a great cause of concern? Will you stop doing anything confidential on your phone? [Via: Neowin] Link to comment Share on other sites More sharing options...
Guest Mysterious Stranger Posted August 26, 2009 Report Share Posted August 26, 2009 http://www.theregister.co.uk/2009/08/25/gsm_cracked/ Slightly more factually accurate and links back to the source story in the Financial Times rather than using wooly terms like 'recently' 'would' 'could' 'may' etc.. In theory, *anything* can be cracked, so 'potentially being known since 1994' is moot, it's being *done* in realtime without a supercomputer thats the killer, and it's unlikely that in 1994 ( or even 1996 when it was first suggested) that any home computer would manage to do this. People talk all the time, for example about cracking Sky's viewing card encryption. Doesn't mean it's ever likely to happen. From my understanding you'll need to be in the same cell range of the handset you're 'spying' on it's not a case of plugging in a phone number and listen away - it eavesdropes on the communication between the handset and the tower, and also assumes a little bit of trial and error to find the feed if you are being spied upon. Fuss about nothing. Plus 3G handsets use the stronger encryption even over the 2.5G network so all newer handsets are fine. For now..... ;-) M.S Link to comment Share on other sites More sharing options...
Recommended Posts