One of the more interesting presentations during the first day of the Black Hat DC conference on Wednesday was a demonstration of a cheap, quick method for capturing and decrypting calls made on the GSM cell phone network. Security researchers David Hulton and Steve Miller showed a standing-room-only crowd how they’ve been able to use commodity hardware to implement what they say is the first practical attack on A5/1, the algorithm used to encrypt GSM calls. The attack involves capturing some known plaintext and then using that and some other elements to compute the encryption key.
A number of other attacks on the encryption algorithm have been proposed in recent years, all of them theoretical, but Hulton said the technique that he and Miller developed is the only truly practical method for capturing and deciphering GSM calls. “A lot of other attacks are academic BS,” he said.
Miller also pointed out a number of security problems in the GSM platform as a whole, including the fact that encryption keys are reused for as many as 16 calls. “There is no security on GSM,” Miller said.