The latest documents from the National Security Agency leaked by
Edward Snowden show that government spies are capable of listening in on
mobile phone calls that use a common form of encryption, according to
a Washington Post report. But if you’re vulnerable, blame your carrier — this code has been cracked for years.
The Post on Friday published confidential government documents
provided by Snowden that show that the NSA can “process” cellular phone
calls on GSM networks, even if they are encrypted. GSM, which stands for
Global System for Mobile communications, is the world’s most widely
used cellphone technology — though several large networks, notably
Verizon and Sprint, rely on an older network technology called CDMA.
The report may sound scary, but there’s a bit of explanation required that puts this in perspective.
First, it’s only calls and not data that can be eavesdropped on, in
this way at least. Second, it’s only calls that have been encrypted
according to a common standard called A5/1 — which was developed in
1987. The vulnerability comes into play on 2G networks, which modern
cellphones may resort to when 3G or 4G networks are not available or
are too congested.
It’s not uncommon for old cryptography methods to
be in use for decades, or become relevant after years of disuse. But
A5/1 has remained in use despite several serious vulnerabilities being
demonstrated by cryptographers. The methods are too technical to get
into here, but a modern PC would have little trouble performing the
attacks; a number of papers on the subject are stored at Cryptome.
Why are carriers and phone manufacturers around the world using
such an out-of-date cypher? It’s not clear, but some carriers are
already making the change to the newer A5/3 method of encryption.
One other thing to consider is that these conversations, however
strong their encryption, are automatically decoded upon reaching the
carrier’s internal network. So even if the NSA can’t listen in between a
target and the tower, they could bring a judge-signed order to the
carrier and not have to decrypt anything at all.
Lastly, the NSA has repeatedly stated that it only snoops on
conversations involving foreign citizens, as it has no legal basis by
which to conduct such surveillance on Americans. But if they can crack
A5/1, others can as well — for everyone from hackers to foreign
intelligence services, the cat’s been out of the bag for a long time.
Source: NBC News