NSA Able To Crack A5/1 Cellphone Crypto 122
jones_supa writes "The most widely used cellphone encryption cipher A5/1 can be easily defeated by the National Security Agency, an internal document shows. This gives the agency the means to intercept most of the billions of calls and texts that travel over radiowaves every day, even when the agency would not have the encryption key. Encryption experts have long known the cipher to be weak and have urged providers to upgrade to newer systems. Consequently it is also suggested that other nations likely have the same cracking capability through their own intelligence services. The vulnerability outlined in the NSA document concerns encryption developed in the 1980s but still used widely by cellphones that rely on 2G GSM. It is unclear if the agency may also be able to decode newer forms of encryption, such as those covered under CDMA."
And this is news? (Score:5, Informative)
Hardly rocket science these days, see e.g.https://srlabs.de/decrypting_gsm/
Re: And this is news? (Score:5, Informative)
A5 has been broken for *years*.
(Since 1994 according to wikipedia: https://en.wikipedia.org/wiki/A5/1#Security [wikipedia.org] , with many improved attacks since then)
So this is hardly "news" ... but it's good to keep shining bright lights on the NSA to keep them scurrying.
Re:So what? (Score:5, Informative)
FYI, in usual radio communication, what flies through the air are not electrons but photons. These photons are generated by wiggling a few electrons back and forth at the transmitter, and this in turn wiggles a few electrons back and forth on the receiving end.
Re:Hysterics (Score:5, Informative)
Thst's 14 year old news (Score:5, Informative)
Many governments have warned industrialists not to discuss secrets when using a mobile phone near the country borders. Only the radio channels are encrypted in GSM, lawful interception happens on the wired network that interconnects the base stations so eavesdropping on A5/1 is mostly used when lawful interception is not an option, e.g. listening to the GSM traffic of other countries.
VoIP + ZRTP (Score:5, Informative)
I haven't tried it out yet, but ZRTP [wikipedia.org] apparently provides strong (PGP-based) encryption for VoIP. So why not just quit using cellphone "voice calls" entirely? There exist cellphone plans that provide enough data cheaply enough to make this work economically.