In News That Will Surprise No One, NSA Has Cracked Mobile Phone Encryption To Listen In On Calls
from the duh dept
One of the latest reports from the Snowden documents over at the Washington Post falls more into the "well, duh" category than many previous reports. The NSA has easily cracked the A5/1 encryption used to encrypt mobile phone conversations on many GSM mobile networks. Of course A5/1 has been around forever, and others have shown that it's not particularly secure for quite some time. But, it's just a reminder that, yes, of course, the NSA could listen in on calls. Some networks do use more modern encryption, which is much harder for the NSA to crack, and it sounds like the recent revelations are leading at least some mobile operators to upgrade the encryption on their network. Still, at this point, it seems safe to assume that if you want to have a truly private conversation, you shouldn't use a phone.Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: a5/1, encryption, mobile phones, nsa, privace
Reader Comments
Subscribe: RSS
View by: Time | Thread
Learn telepathy...
[ link to this | view in chronology ]
Re: Learn telepathy...
[ link to this | view in chronology ]
Re: Learn telepathy...
[ link to this | view in chronology ]
Re: Re: Learn telepathy...
[ link to this | view in chronology ]
Re: Re: Re: Learn telepathy...
[ link to this | view in chronology ]
Re: Re: Re: Learn telepathy...
[ link to this | view in chronology ]
Re: Re: Learn telepathy...
[ link to this | view in chronology ]
Old School
[ link to this | view in chronology ]
Re: Old School
[ link to this | view in chronology ]
Re: Re: Old School
[ link to this | view in chronology ]
Re: Re: Re: Old School
[ link to this | view in chronology ]
Re: Old School
[ link to this | view in chronology ]
Re: Old School
put it on old tee-shirts for sale at $1.00 each.
I plan to make gillions of yaun and not give you
a thing.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
Actually, that is a sign of a good farmer.
- Outstanding in their field -
[ link to this | view in chronology ]
Re: Re: Re:
You and your dad jokes.
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Ciphering indication
This article talks about the A5/1 cipher. There is an even less secure cipher, A5/2. According to Wikipedia, "[...] the 3GPP has approved a change request to prohibit the implementation of A5/2 in any new mobile phones. If the network does not support A5/1, or any other A5 algorithm implemented by the phone, then an unencrypted connection can be used." Of course, if that happens, you will not know due to the lack of a ciphering indication.
The older 2G protocols also have other problems, for instance the lack of mutual authentication making it easier to spoof a base station. If you know how to do it and are in an area with good 3G/4G coverage, it is a good idea to disable the use of the older protocols by your phone (set it to "WCDMA and LTE only" or similar). This does not fix everything, but is a good first step.
[ link to this | view in chronology ]
Re: Ciphering indication
How do you know they are not listening and watching even when the device is (supposedly) turned off?
[ link to this | view in chronology ]
Re: Re: Ciphering indication
Physics.
[ link to this | view in chronology ]
Re: Re: Re: Ciphering indication
How do you know that there is not a caching system waiting to get a signal when it is turned on that sends the collected data?
[ link to this | view in chronology ]
Re: Re: Re: Re: Ciphering indication
[ link to this | view in chronology ]
Re: Re: Re: Ciphering indication
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Or you can speak a foreign language since no one working for the government seems to have the merit to do so.
Then again I guess they can hire a translator. My theory, fire the worthless monolinguals and keep the translators since everyone in the intelligence community should be at least bilingual and the monolinguals are simply a deadweight to taxpayers. Hiring predominantly monolingual English speakers simply biases the spying against English speaking Americans while reducing the extent that foreign language speakers get spied on which isn't fair to English speakers who are, allegedly, less likely to be terrorists anyway, right?
[ link to this | view in chronology ]
Living in a Society of Fear
[ link to this | view in chronology ]
Re: Living in a Society of Fear
[ link to this | view in chronology ]
This is important because you can use basically any form of encryption or obfuscation radio people have implemented, so long as it fits into a 4 khz channel. The "speech optimized" CELP algorithms used in cellular phones by contrast make this impossible. So while cell phones are certainly not as secure as they should be, this isn't an inherent bottleneck in the entire network.
[ link to this | view in chronology ]
Stop Saying "Will Surprise No One"
You do great work in fighting for our freedoms, of late, specifically the 4th.
However, every time anyone uses some reductive lingo like:
"surprising no one"
"in a move we all expected"
"Duh"
"obviously"
...it actually changes the tone of the discussion from one of discuss to one of inevitability. People are already far too apathetic, and a sense of futility just feeds that apathy. We should use language more like:
"constitutional shocker"
"What's next?"
"Now this is awful"
"confirming your worse fears"
Now, I KNOW YOU are disgusted, and that you believe you can play a role in change. So be sure to use language that shows it.
[ link to this | view in chronology ]
zrtp is just a choise
[ link to this | view in chronology ]
[ link to this | view in chronology ]