Cell phone codebook exposes security gaps

Recent code-cracking research has made it easy, fast and cheap for unauthorized people to listen to your conversations and maybe read data you send over your GSM wireless phone. That might not be a huge problem — it all depends.

The event that precipitated this new vulnerability occurred in the last week of December, when the work by German security expert Karsten Nohl and a group of researchers was posted on file-sharing sites for the first time.

6 ways to make your cell phone more secure

The newly compiled GSM codebook — actually a lookup table of GSM encryption keys — facilitates the cracking of the encryption scheme that protects the calls of about 3 billion cell phone users in 212 countries. In the United States, that means users of cell phones from T-Mobile and AT&T Inc., which is a vendor under the General Services Administration's Networx Enterprise and Universal contracts.

AT&T declined to comment on GSM encryption or related issues for this story. As of press time, GSA had no comment because, a spokesman said, “we have no experience with the issue.”

Even before compilation of the codebook, listening in on GSM (for Global System for Mobile Communications) phone conversations was possible using any of about four commercial tools. Tool costs range from about $100,000 to $250,000; the task required a supercomputer and up to three months, Nohl said.

With the codebook, it takes open-source software available free on the Internet, $2,800 in radio equipment, a laptop PC, a 3T hard disk and less than an hour, according to a list compiled by Nohl and posted on the Web site of Cellcrypt Inc., which makes cell phone encryption software.

Industry group GSM Association (GSMA) has maintained that in practice such targeting is difficult to achieve, a statement Nohl disputes. An expenditure of less than $5,000 would let someone intercept calls before they get to the cell tower, capture and store the data, decrypt it using the codebook, and play the conversation, he said. “But to get the other side of the phone call, you would need to know where the phone was and point equipment at the cell tower nearest it,” he added.

“To capture all the phone conversations in an agency building for decoding requires a lot of resources,” said Stan Schatt, security practice director at ABI Research. “You’d have to be something like a foreign government agent to have that kind of storage."

Also, although voice travels via GSM, data often goes over 3G networks, which offer better protection, Schatt said.

“I don’t think the codebook publishing forces anyone’s hand,” he said, at least in the consumer market, which has historically been unwilling to pay for extra security. “Although if Verizon were to make commercials and talk about security instead of 3G network coverage, that could change.”

But it’s not about consumers, Schatt said. “This is a battle that’s being fought among large enterprises. Our research shows that most large companies expose more sensitive information over cell phones than they do over e-mail. People assume their cell phone is protected, but that’s not necessarily true.”

Publicizing that fact is the reason for the codebook project, Nohl said in August when he announced its launch. First, he wanted to make public the need for companies, especially those that offer financial services, to provide better security. And second, he wanted to pressure carriers into upgrading from the 64-bit A5/1 encryption scheme, which was developed in 1988, to the more robust 128-bit A5/3.

GSMA developed the 128-bit A5/3 algorithm, which officials said is gradually replacing A5/1. That upgrade schedule will be accelerated as a result of the codebook's release, Nohl said. “The GSMA and 400 or so members are meeting next month to talk about upgrading to A5/3. T-Mobile is talking about it. Only AT&T is being stubborn about not upgrading.”

Until carriers upgrade GSM encryption or move voice services to 3G, people can use handsets that have built-in encryption or add encryption software to their cell phones, Nohl said.

“There is a lot of inertia around implementing [A5/3] because of costs,” Schatt said. Until GSMA pushes for its universal adoption, it’s unlikely to advance very rapidly. “A lot of government officials already have A5/3 or something similar, much like what they put on [President Barack] Obama’s BlackBerry.”

And as flawed as A5/1 is, he said, it’s better than what exists throughout most of the world outside the United States and Western Europe. “If you’re in Russia, for example, you have no security at all.” Some multinational corporations that have employees in such parts of the world have already been looking at added encryption, he said.

“Someone can capture your phone conversation, decrypt it and find out about your family, where you’ll be at a particular time, and you could be kidnapped,” Schatt said. “Oil companies for years have been using encryption for that reason.”

The catch is that users at both ends of the call must have the software installed and running because when you have unequal security, it will default to the lowest level, he said.

“This is a wake-up call for government agencies that talk to the public or those that regularly disclose sensitive information on the phone,” Schatt said.