The BBC has reported that a German computer scientist has cracked and published details of the encryption algorithm used to protect calls using the GSM mobile phone network worldwide.
This means, at its worst, that the private conversations of four billion mobile phone users can be easily listened in on by criminals or even the authorities. Private detectives and employers could also use the technique to spy on people’s activities, or your local council could add it to the arsenal of surveillance techniques they already employ against their local residents in the name of “counter-terrorism”.
I’ll get to why I can’t really take this seriously in a minute, but first we need to deal with the science bit.
Karsten Nohl has spent five months working with other experts to crack this algorithm and presented his findings to the Chaos Communication Conference in Berlin recently. He said he wanted to “inform people about this widespread vulnerability” and “[hoped] to create some additional pressure and demand from customers for better encryption”.
The GSM Association (GSMA) said that Nohl’s work would be “highly illegal” in the UK and many other countries, but before revealing his findings he had apparently checked with lawyers and believed his work was legal.
The encryption code is intended to prevent calls being intercepted by forcing mobile phones and base stations to rapidly change radio frequencies over a spectrum of 80 channels, according to the BBC.
Obviously Nohl and his colleagues haven’t released the actual algorithm, but they’ve potentially made it possible for cracking to take place with only a few thousand pounds’ worth of kit, rather than the hundreds of thousands’ worth previously required.
So should we be bothered about this? For the average person it will make very little difference and could potentially be beneficial, especially in bringing criminals to justice (genuine ones, that is, not the people local councils think are criminals for over-filling their wheelie bins).
So far as government and national security are concerned, this will also make very little difference. The security services have used beefed-up encryption for years now, and if you really wanted to know what the security services were doing you need only check a staff member’s Facebook profile or look for an abandoned laptop in the back of a taxi.
The repercussions for business will be more serious, but business has happily been using email, probably one of the least secure communications methods, for years now without too much trouble occurring.
It was inevitable that this encryption would be cracked eventually. This is the way of things with technology. Every single encryption code or technique that’s used to protect our data, from online banking to ID cards, is vulnerable and will inevitably be cracked at some stage. As a society we will need to come to terms with this.
It is good, however, that the mobile phone carriers will have to look again at this, and it should spur on the development of 4G and IP over WiMax mobile telephony, though the security for those should also be looked at again.
In the meantime it is very likely that the list of presents you received for Christmas and the funny story about Nan’s snoring could now be in the public domain… unless you’ve already posted it on Facebook, that is!


