GSM encryption key revealed

Mobile phone security

A German security expert has published details of how to break the encryption algorithm used by GSM mobile phone technology, highlighting the ageing system's increasing vulnerability.

Karsten Nohl, 28, used a hacker conference in Berlin to publish the work of a collaborative research project to crack the 21-year-old GSM algorithm, a 64-bit encryption function known as A5/1, in a "code book" containing the the encryption key used in a GSM call.

Global System for Mobile Communications (GSM) is the standard form of digital voice encryption that keeps conversations on more than three billion handsets private more than 80 per cent of the world's mobile phones.

Nohl and research partner Chris Paget said their research proves that with relatively modest funds and some widely available open-source tools, GSM encryption can be cracked, allowing virtually anyone in theory to listen in on phone calls.

However, the GSM Association (GSMA) played down the demonstration. It pointed out that the practical complexity of the so-called hack made it highly difficult both to set up and to perform unnoticed, and in any case it said the newer, far stronger A5/3 algorithm was in the process of replacing A5/1.

"We consider this research, which appears to be motivated in part by commercial considerations, to be a long way from being a practical attack on GSM," a spokeswoman said. "A5/1 has proven to be a very effective and resilient privacy mechanism."