You already know cell-phone conversations aren't that secure, right? That everything you say could be overheard, even if only by the annoyed-looking people always standing around you in elevators or subways while you try to make yourself heard about the important details of your day (yes, all of them. What are you, into keeping secrets?)
A German wireless encryption expert lent a lot of weight to his argument that the GSM data protocol used on 80 percent of the world's phones is inherently insecure by demonstrating the way he and a research partner could intercept a digital cell-phone broadcast and decrypt it on the fly quickly enough to listen in to the conversation.
Karsten Nohl, chief scientist at Berlin-based Security Research Labs and former Ph.D. candidate at the University of Virginia, decrypted the algorithms and published them in 2009 as a way to demonstrate that both GSM and the General Packet Radio Service (GPRS) data network that runs on top of it are vulnerable to attack. In 2008 he also cracked the encryption algorithms for the RFID cards used in credit cards, though he and his partners in that project didn't disclose all the details of how to do it.
"GSM cell phone calls use outdated encryption that can now be cracked with rainbow tables on a PC," according to a headline on the home page of Security Research Labs promoting Karsten's writeup of the project.
In the U.S., AT&T and T-Mobile use GSM networks. Sprint and Verizon use the competing CDMA, which Nohl didn't examine because it is owned by Qualcomm rather than being open-source, as GSM is.
"GSM Security Project creates tools to test and document vulnerabilities in GSM networks around the world so as to ignite the discussion over whether GSM calls can and should be secured. The project is summarized in this BlackHat 2010 presentation," the project's site reads.
Nohl wrote that, using his method, it's possible to intercept, record, decrypt and listen to conversations on GSM phones using open-source and/or free software and very basic hardware.
Using a PC and a set of rainbow tables – lists of terms often used as passwords – it takes about 11 minutes to crack an encrypted GPRS conversation, though many countries don't even encrypt GPRS traffic, making the crack even faster, he said.
It's also possible to intercept and decrypt data traffic so that it reads as cleanly as if it were sent in plain text, he said.
His writeup offers guidance and a list of required materials, though he asks readers to register before the site will send it.
“This shows that existing G.S.M. security is inadequate. We are trying to push operators to adopt better security measures for mobile phone calls,” the NYT quoted Nohl as saying at the 2009 Chaos Communications Congress session at which he revealed the encryption algorithms for GSM phone networks and the work that went into cracking them.
Given its inherent lack of a good encryption standard, GSM is hopeless for security, Nohl told Forbes. Add-on software that runs on the phones themselves, such as Whisper Systems for Android or Cryptophone for Linux, is an improvement.
Software-based encryption is weaker than encryption built right into the networking protocol, however, he said. That's the weakness carriers need to address.