Forgot your password?
Encryption Communications United States Your Rights Online

NSA Able To Crack A5/1 Cellphone Crypto 122

Posted by timothy
from the keith-alexander-huffs-righteously dept.
jones_supa writes "The most widely used cellphone encryption cipher A5/1 can be easily defeated by the National Security Agency, an internal document shows. This gives the agency the means to intercept most of the billions of calls and texts that travel over radiowaves every day, even when the agency would not have the encryption key. Encryption experts have long known the cipher to be weak and have urged providers to upgrade to newer systems. Consequently it is also suggested that other nations likely have the same cracking capability through their own intelligence services. The vulnerability outlined in the NSA document concerns encryption developed in the 1980s but still used widely by cellphones that rely on 2G GSM. It is unclear if the agency may also be able to decode newer forms of encryption, such as those covered under CDMA."
This discussion has been archived. No new comments can be posted.

NSA Able To Crack A5/1 Cellphone Crypto

Comments Filter:
  • by Anonymous Coward on Saturday December 14, 2013 @09:54AM (#45688693)

    I get the feeling they're just drowning themselves in data now. Back in the day, a lot of Turing's great work was for nothing because there wasn't enough staff to process the reams of decrypted traffic coming in, and that was just from the German navy. Yea they can do dumb-ass word-level matching automatically, but I guess most of the potentially useful semantic stuff goes straight down the drain.

  • by Anonymous Coward on Saturday December 14, 2013 @10:03AM (#45688739)

    It isn't a private speech. You have no reasonable expectation of privacy because it is now widely known that the government spies on our communications. Therefore, it is not reasonable to have an expectation of privacy.

    Man, the courts really screwed up when they called it an "expectation of privacy".

  • Hysterics (Score:5, Interesting)

    by squiggleslash (241428) on Saturday December 14, 2013 @10:26AM (#45688845) Homepage Journal

    1. A5/1 is the "insecure, intended for export" cipher. Any US or European operator that uses it is not following recommendations.
    2. It was cracked in the early 1990s. It would be bizarre if the NSA didn't know how to read it. Like I said, it was never intended to be secure by its creators. As in - GCHQ, the NSA's UK ally, has ALWAYS known how to crack it.
    3. One problem with intercepting a GSM mobile call would be dealing with the fact that, as soon as you move away from the transmitting device, you're having to deal with interference from neighboring cells. Which is why any intelligence agency worth its salt isn't going to do that terribly often. What they'd do is install the tap on the operator's network.

    So, in short, this article is claiming the NSA "can do" something, but only in non-Western countries, that it's unlikely to need to do given the fact the alternatives are way easier, and that we know it "can do" anyway, and knew it in the mid-1990s, and probably figured it could do right from the beginning given the close relationship between the NSA and CCHQ. This is news... why?

  • Re:Only Logical (Score:0, Interesting)

    by Anonymous Coward on Saturday December 14, 2013 @10:27AM (#45688849)

    Yes, you can be. And so can any member of the NSA, FBI, etc that does the tapping without a warrant. Wake up people. The government can do things that the average user does not know or care about. This is meant to help protect us. You are all so paranoid about people listening to your conversation illegally that you don't even bother to look up what guidelines that they have to follow. RTFM! It's called public accessible knowledge for a reason!

  • by davecb (6526) <> on Saturday December 14, 2013 @10:31AM (#45688877) Homepage Journal

    Actually it's an expectation a randomly-selected private individual would have, in the absence of specific knowledge. The proverbial "person on the Clapham omnibus" would have the expectation that the government won't act illegally against him. The paranoid wearing the tinfoil hat in the next seat, who considers all governments illegal and intrusive, doesn't count in this case.

    It's also called "a reasonable expectation of privacy", where "reasonable[1]" doesn't include admittedly illegal mass collection efforts by the CSE.

    Now that the cat's out of the bag, reasonable expectations still hold (the action's illegal, after all), but absolute ones fail. Consult a lawyer in your country for specifics.

    [1. It's interesting to note you can't translate "reasonableness" into Latin or modern French. It seems to be something very English-language-specific. My college's motto, "Let Reasonableness Flourish", is in English because of that oddity, and it says interesting things about other countrys' jurisprudence.]

  • Re:Only Logical (Score:4, Interesting)

    by NormalVisual (565491) on Saturday December 14, 2013 @01:33PM (#45689753)
    And the other part of the problem is that those charged with enforcing the laws won't do it. Both James Clapper and Keith Alexander have openly admitted to lying before Congress (which is a federal felony) regarding the NSA issue, and no one responsible for enforcing the law has said boo about it.

Never invest your money in anything that eats or needs repainting. -- Billy Rose