O’Reilly Radar is reporting news of a new web service that claims to offer real time decryption of the GSM protocol.
Cracking GSM encryption has always been a computationally intensive process but thanks to a technique known as Rainbow Tables (essentially, this just means working out a lot of the hard sums in advance and storing the answers in a huge lookup table) a lot of the work has already been done.
The other ingredient is a device called a Universal Software Radio Peripheral (USRP) - unlike most receivers that can pick up, say, FM transmissions, TV or mobile phone signals the USRP can receive the lot. It is relatively simple to program the device to isolate particular signals and these are then digitised for analysis by the cracking service.
What does this mean for the security of GSM phone calls? Well, according to O’Reilly, the service should let you grab a live GSM call and begin listening in on it within 30 seconds.
The article (and the researchers behind the service) are at pains to point out that it is illegal to intercept other peoples’ calls and that you should only try this with your own phone - advice which I am sure will be followed to the letter.
Cracking GSM encryption has always been a computationally intensive process but thanks to a technique known as Rainbow Tables (essentially, this just means working out a lot of the hard sums in advance and storing the answers in a huge lookup table) a lot of the work has already been done.
The other ingredient is a device called a Universal Software Radio Peripheral (USRP) - unlike most receivers that can pick up, say, FM transmissions, TV or mobile phone signals the USRP can receive the lot. It is relatively simple to program the device to isolate particular signals and these are then digitised for analysis by the cracking service.
What does this mean for the security of GSM phone calls? Well, according to O’Reilly, the service should let you grab a live GSM call and begin listening in on it within 30 seconds.
The article (and the researchers behind the service) are at pains to point out that it is illegal to intercept other peoples’ calls and that you should only try this with your own phone - advice which I am sure will be followed to the letter.