GSMA Statement on Media Reports Relating to the Breaking of GSM Encryption
GSM networks use encryption technology to make it difficult for criminals to intercept and eavesdrop on calls. On most GSM networks, the communications link between the handset and the radio base station uses the A5/1 privacy algorithm to scramble the signal.
Over the past few years, a number of academic papers setting out, in theory, how the A5/1 algorithm could be compromised have been published. However, none to date have led to a practical attack capability being developed against A5/1 that can be used on live, commercial GSM networks.
Reports of an imminent GSM eavesdropping capability are common. The GSMA, which welcomes research designed to improve the security of communications networks, routinely monitors the work of groups in this area. In 2007-8, a hacking group claimed to be building an attack on A5/1 by constructing a large look-up table1 of approximately 2 Terabytes – this is equivalent to the amount of data contained in a 20 kilometre high pile of books. In theory, someone with access to the data in such a table could use it to analyse an encrypted call and recover the encryption key.
Another group has announced similar plans in 2009. However, before a practical attack could be attempted, the GSM call has to be identified and recorded from the radio interface. So far, this aspect of the methodology has not been explained in any detail and we strongly suspect that the teams attempting to develop an intercept capability have underestimated its practical complexity. A hacker would need a radio receiver system and the signal processing software necessary to process the raw radio data. The complex knowledge required to develop such software is subject to intellectual property rights, making it difficult to turn into a commercial product.
Today, mobile networks are typically configured to optimise call set-up times, capacity and other aspects related to operational efficiency. But mobile operators could, if it ever proved necessary, quickly alter these configurations to make the interception and deciphering of calls considerably harder. Moreover, intercepting a mobile call is likely to constitute a criminal offence in most jurisdictions.
All in all, we consider this research, which appears to be motivated in part by commercial considerations, to be a long way from being a practical attack on GSM. More broadly, A5/1 has proven to be a very effective and resilient privacy mechanism. By comparison, inexpensive and readily available radio scanners could be used to intercept calls on the analogue cellular networks that pre-dated GSM and which did not use encryption.
The mobile industry is committed to maintaining the integrity of GSM services and the protection and privacy of customer communications is at the forefront of operators’ concerns. The GSMA has been working to further enhance privacy protection on GSM networks and has developed a new high-strength algorithm, A5/3. Over the past decade, export control agencies have removed many of the traditional barriers to the sale of cryptographic technologies enabling the development and use of A5/3. This new privacy algorithm is being phased in to replace A5/1.Back