GSM Encryption Hacked


The GSM encryption algorithm A5/1, the code used to secure mobile phone communications, has been cracked by a German cryptographer, Karsten Nohl. Much has been made of this feat, which was done by capturing large amounts of encrypted signals and then subjecting them to a sustained brute-force attack (trying one key after another until one eventually worked), enlisting the help of members of the public throughout the world who ‘lent’ him the processing power of their PCs and games consoles. It was estimated that trying to hack the code would have taken over 100,000 years on a single PC; by enlisting a ‘botnet’ of networked public PCs they allegedly managed it in 3 months.

A stronger encryption method, called A5/3, already exists. It uses 128-bit encryption rather than the 64-bit encryption used by A5/1, but operators need to upgrade their networks to support this stronger standard, and there is a risk that older phones will no longer work if they do so. Upgrades are being rolled out, but for those that haven’t yet upgraded their network, this will hopefully serve as a push to do so: new services such as SMS banking could all provide attractive reasons for hackers to try to intercept your traffic.

It is important to appreciate that this applies to the GSM standard (2G communications) only; it does not apply to WCDMA (3G).

The method employed by Karsten requires that he be close enough to an individual’s phone to be able to record the traffic. However, with the cost of cellular equipment falling, for a few thousand pounds it is not beyond the means of the average hacker to purchase equipment to create a ‘fake’ base station and capture the traffic of all handsets that register with it: all it needs to be able to do is broadcast the appropriate 5-digit SIC of the network operator and operate at a higher power rate than any other towers in the area.
This is possible due to weaknesses in the GSM architecture. We have seen before (http://blog.brightpointuk.co.uk/introduction-mobile-data-technologies) that with GSM, phones are each assigned a specific ‘carrier’ on a set frequency and use this carrier to send encrypted data to the tower. However, this carrier is only used for the user’s traffic (voice and data). The ‘behind-the-scenes’ signalling done between the phone and the tower to monitor network registration and signal strength is all done over a reserved carrier, known as the SS7 carrier. This carrier is NOT encrypted, and a GSM phone will talk to and register with any base station that identifies itself correctly.
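Since a handset will register with any station that broadcasts the right operator code at higher power, the signs visible from the handset side are an unfamiliar cell, an unusually strong signal and a weaker cipher than that operator normally offers. The following is an added example, not part of the original post, that scores observed cells against a trusted survey; the record fields, the operator code 00101, the cell ids, the 20 dB margin and the two-indicator alert rule are all assumptions made for illustration.

```python
from statistics import median

# Relative strength of the GSM ciphers; A5/0 means no encryption at all.
CIPHER_RANK = {"A5/0": 0, "A5/1": 1, "A5/3": 3}

def build_baseline(survey):
    """Summarise trusted survey records per broadcast operator code."""
    base = {}
    for obs in survey:
        e = base.setdefault(obs["operator"], {"cells": set(), "rx": [], "ranks": []})
        e["cells"].add(obs["cell_id"])
        e["rx"].append(obs["rx_dbm"])
        e["ranks"].append(CIPHER_RANK[obs["cipher"]])
    return {op: {"cells": e["cells"], "rx_median": median(e["rx"]),
                 "min_rank": min(e["ranks"])} for op, e in base.items()}

def score_cell(obs, baseline, margin_db=20):
    """Return the reasons an observed cell deviates from the baseline."""
    known = baseline.get(obs["operator"])
    if known is None:
        return ["operator code absent from baseline"]
    reasons = []
    if obs["cell_id"] not in known["cells"]:
        reasons.append("unknown cell id")
    if obs["rx_dbm"] - known["rx_median"] >= margin_db:
        reasons.append("signal far above baseline")
    if CIPHER_RANK[obs["cipher"]] < known["min_rank"]:
        reasons.append("cipher downgrade")
    return reasons

def flag_cells(observations, baseline, min_reasons=2):
    """Cell ids with enough independent indicators to warrant an alert."""
    return [o["cell_id"] for o in observations
            if len(score_cell(o, baseline)) >= min_reasons]

# Constructed sample data: operator code 00101 is a test value, not a real network.
SURVEY = [
    {"operator": "00101", "cell_id": 1001, "rx_dbm": -85, "cipher": "A5/3"},
    {"operator": "00101", "cell_id": 1002, "rx_dbm": -92, "cipher": "A5/3"},
    {"operator": "00101", "cell_id": 1003, "rx_dbm": -88, "cipher": "A5/3"},
]
SEEN = [
    {"operator": "00101", "cell_id": 1002, "rx_dbm": -90, "cipher": "A5/3"},  # normal
    {"operator": "00101", "cell_id": 1004, "rx_dbm": -87, "cipher": "A5/3"},  # new mast
    {"operator": "00101", "cell_id": 9999, "rx_dbm": -51, "cipher": "A5/1"},  # suspect
]

if __name__ == "__main__":
    print("alert on:", flag_cells(SEEN, build_baseline(SURVEY)))
```

A single indicator, such as a newly built mast with an unfamiliar cell id, is deliberately not enough to raise an alert; the suspect cell is flagged because three indicators coincide.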

In order to do this practically, all you need is some suitable radio hardware connected to a PC. OpenBTS is a free piece of software available for download that enables you to program the connected radio transceiver with frequency, power and SIC information (http://openbts.sourceforge.net/). Designed for setting up cheap networks in greenfield and third world areas, OpenBTS can be used to act as a cell site for GSM phones. When used in conjunction with AirProbe or Wireshark, voice and signalling traffic can be isolated and the voice traffic sent to a PC for decryption. The decrypted traffic can then be passed to any IP PBX, such as Asterisk, where the voice call can be recorded and listened to via a PC softphone.
I say that that is 'all' you would need - this is far from plug-and-play equipment we're talking about.

This is not the first time the A5/1 standard has been cracked. What differentiates this news is that Karsten has written out the entire A5/1 codeset (all possible input values and their encrypted counterparts) and posted it on the Internet: approximately 2TB of data. This enables the decryption of encrypted communications in ‘real time’ with suitable processing hardware.
Karsten’s motivation for doing this is allegedly an altruistic one: he wants networks to beef up security. He has certainly got a lot of public attention.

Vodafone, Orange, O2 and T-Mobile all use A5/1 on their 2G GSM networks in the UK.

NOTE - whilst Karsten Nohl has demonstrated the ability to intercept voice communications, if you are sending encrypted data over a GSM link (such as a VPN connection), then once the GSM encryption has been removed the VPN data will still be just that: encrypted. So don't take this news to mean that all data is now vulnerable to interception.