GSM Encryption (or the Lack Thereof)

At 26C3 there were a couple of pretty interesting talks dealing with GSM security and how it can be easily broken through active (IMSI catching) and passive (rainbow table attacks on the A5/1 cipher) attacks.

Now, researchers are pushing to phase out GSM’s A5/1 cipher, replacing it with modern, non-proprietary cryptography as a countermeasure to the weaknesses that make A5/1 susceptible to passive eavesdropping. While this is certainly not a bad idea, it will still leave GSM calls anything but secure, considering that only the wireless interface benefits from the encryption. It will prevent John Doe from listening to your GSM calls using a wiretapping device placed in front of your apartment, but by no means will it lead to end-to-end security for GSM calls.

So, instead of attacking the wireless interface, a malicious hacker would have to turn to the (fixed) telephone network to get hold of your calls.

In the end, only end-to-end encryption of calls will be able to prevent such attacks, so this is IMHO what we should be striving for in the long run.