Securing the Mobile Enterprise

August 30, 2009

hacking A5/1

Filed under: Mobile Security — Balaji Prasad @ 11:52 pm
Tags: , ,

A5/1 is a stream cipher that is used to provide OTA security on GSM wireless networks. Vulnerabilities in this protocol have been known for years. It has been rumored that these vulnerabilities were left unfixed more due to political concerns than technical.Earlier this month, researcher Karsten Nohl has unveiled software that uses the distributed computing power of thousands of graphics processors (a la-‘ SETI) to construct a massive rainbow table  of GSM codes. A rainbow table is just a fancy name for a look up table that allows one to “invert” a hash. This hack in its most benign form would allow the community to come up with an open-source GSM protocol (though the market and business case for this is as yet unclear), however a more sinister manifestation would allow a hacker to snoop the airwaves and listen in on any cellular conversation(shudder!!). In the US, Verizon and Sprint are unaffected by this flaw, though AT&T and T-Mobile are potentially vulnerable. Presently there is no software or technique out there that can exploit this, however that could change soon. The GSM Association is said to be working on updating this decades old protocol and address some of its security flaws. About time!!


Leave a Comment »

No comments yet.

RSS feed for comments on this post. TrackBack URI

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

Create a free website or blog at

%d bloggers like this: