FRANKFURT, Germany - A German security expert has raised the ire of the cell phone industry after he and a group of researchers posted online a how-to guide for cracking the encryption that keeps the calls of GSM-standard cell phone users secret.
Karsten Nohl, 28, told the Associated Press this week that he, working with others online and around the world, created a codebook showing how to get past the GSM encryption used to protect conversations on more than three billion mobile phones.
Nohl said the purpose was to push companies to improve security, not to hurt them. The collaborative effort put the information online through file-sharing sites.
GSM, the leading cell phone technology around the world, is used by several wireless carriers in the United States, with the largest being AT&T Inc. and T-Mobile USA Inc. Verizon Wireless and Sprint Nextel Corp. use a different standard.
The GSM Association, a trade group that represents nearly 800 wireless operators, said it was mystified by Nohl's rationale.
Claire Cranton, a spokeswoman for the London-based group, said that "this activity is highly illegal in the U.K. and would be a serious RIPA offense as it probably is in most countries." RIPA, or the Regulation of Investigatory Powers Act, is a British law governing the interception of user logs and e-mails of suspected criminals by security and intelligence agencies.
It has already been possible to intercept GSM calls, but the equipment is generally only available to law enforcement. Regular wiretapping of cellular calls is also possible, since they travel unencrypted over standard wiring after being picked up by a cell tower. As a result, terrorists or criminals may talk in code and use prepaid phones they then discard.
Even with Nohl's exploit, expensive and sophisticated radio equipment placed close to the target is required to pull the calls off the air.
Sujeet Shenoi, a professor of computer science at the University of Tulsa, said that while the code-breaking guide raises privacy issues, his main concern is that organized crime will take advantage of it to make money, perhaps by eavesdropping on transactions between consumers and merchants.
Nohl's effort undermines the 21-year-old algorithm used to ensure the privacy of phone calls made on GSM (global system for mobile communication) cell phone networks. The algorithm is gradually being replaced with one much tougher to crack.
While there has been criticism, there is also some faint praise and admiration for Nohl's effort.
"People have been trying to crack GSM for a long time," software-security expert Simon Bransfield-Garth told AP. "Whether putting it in the public domain was wise is an entirely different debate."