NSA Can Easily Decode One of the World's Most Common Cellphone Encryption Standards
The National Security Agency can listen in on phone calls made from devices using the most common wireless standard in the world. According to recent reports, a widely used GSM (also known as 2G) wireless encryption standard is easy pickings for the NSA.
According to a new Washington Post report, based on documents leaked by ex-NSA contractor Edward Snowden, the NSA appears to be able to easily decrypt one of the most commonly used cellphone data encryption standards in the world. Known as A5/1, this encryption cipher was developed in the 1980s and is still commonly used in 2G networks all over the world, especially in less developed areas.
The report cites a leaked top-secret internal NSA document, which states that "NSA can process encrypted A5/1 GSM when the cryptovariable [encryption key] is unknown." The NSA's ability to process other encrypted GSM signals with known cryptovariables was also noted in the document. Combined with the NSA's global signals collection operation and the fact that approximately 80 percent of the world's wireless calls are GSM, this newly exposed capability means that the agency likely has broad, sweeping access to private cellphone conversations and communications.
Second generation GSM is widely available in the U.S. as well, though newer standards like CDMA (e.g., Verizon) and others, such as 3G and 4G, provide newer, better encryption, along with faster speeds, in the U.S. and other developed countries that can afford it. However, 3G and 4G are still based on the GSM standard, and phones can still use, or be tricked into using, the older 2G frequency for voice calls, making them susceptible to NSA decoding.
According to the Post, experts say that the NSA may even be able to decode newer encryption standards, but it would likely require much more time and processing power, making sweeping surveillance of those newer networks much less practical. "At that point, you can still listen to any [individual] phone call, but not everybody's," said Karsten Nohl, chief scientist at Security Research Labs in Berlin, to the Washington Post. However, no mention was made in the current Snowden document about the NSA's ability (or lack thereof) to crack CDMA, 3G, and 4G standards.
In any case, it's against the law in the U.S. to conduct surveillance on the content of private conversations without specific court permission, and the NSA has repeatedly said its sweeping surveillance programs are directed at intelligence targets overseas. In reaction to the Washington Post's report, the NSA issued a statement saying, "Throughout history nations have used encryption to protect their secrets, and today terrorists, cyber criminals, human traffickers and others also use technology to hide their activities. The Intelligence Community tries to counter that in order to understand the intent of foreign adversaries and prevent them from bringing harm to Americans and allies."
This isn't the first blow to GSM data security this year. In the summer, a firm called Security Research Labs found a bug in the older-generation Data Encryption Standard (DES) for SIM cards - also used all over the world, especially in developing countries - that could allow a hacker to monitor, track, and steal data remotely, within two minutes on any standard computer.
Incidentally (or not), the DES technology is also decades old, having been designed by IBM in the late 70s, with the close collaboration of one noteworthy, data-driven U.S. intelligence agency with a three-letter abbreviation. I bet you can guess which one.