CIOZone.com - Professional Network for CIOs and IT Professionals

Well I thought I would add a couple of words on the recent news that the GSM A5/1 stream cipher has been cracked. For those who don’t know A5/1, it is a steam cipher which is used to encrypt the dialing and voice coming from and going to GSM handsets. The recent news is that cryptographer Karsten Nohl publicized a method for capturing and decrypting A5/1 with a very small investment in equipment. The key point of this research seems to show that the cipher is not secure enough to truly provide sufficient security.

Lets us just think what it would be like if your normal everyday mobile conversations were able to be relatively easily captured and decrypted with limited resources. This ties in with one of my former posts about implicit security, most people think nothing of giving away very personal information over a mobile phone. As mobile phones have become more prevalent their use as a primary phone has also followed, this fact also makes it so that more and more private information is being exchanged over these phones. If this cipher is able to be cracked with limited resources then this trust is not earned and another solution for security must be found. The solution to this in the long run will just be the use of another more refined cipher but when that will be is in question. Another question is whether this crack is really an issue to the wider public at present. The advantage is that this crack does require a high level of crypto knowledge in order to implement at this time and the development of easy to use “script kiddie” tool types also do not exist at this time.

I guess the point out of this is to be aware that it is possible that these communications are out there to be listened to so be sure to take care of your personal information and always keep an eye on your credit files.

Comment on this article

Only registered users can write comments.
Please login or register.