In News That Will Surprise No One, NSA Has Cracked Mobile Phone Encryption To Listen In On Calls
from the duh dept
One of the latest reports from the Snowden documents over at the Washington Post falls more into the “well, duh” category than many previous reports. The NSA has easily cracked the A5/1 encryption used to encrypt mobile phone conversations on many GSM mobile networks. Of course A5/1 has been around forever, and others have shown that it’s not particularly secure for quite some time. But, it’s just a reminder that, yes, of course, the NSA could listen in on calls. Some networks do use more modern encryption, which is much harder for the NSA to crack, and it sounds like the recent revelations are leading at least some mobile operators to upgrade the encryption on their network. Still, at this point, it seems safe to assume that if you want to have a truly private conversation, you shouldn’t use a phone.
Filed Under: a5/1, encryption, mobile phones, nsa, privacy
Comments on “In News That Will Surprise No One, NSA Has Cracked Mobile Phone Encryption To Listen In On Calls”
Learn telepathy...
Then they can’t listen in without you knowing.
Re: Learn telepathy...
Until it becomes a common communications method and they develop devices to read them. Not that they can read thoughts yet. Right.
Re: Learn telepathy...
I’m not sure how smart an idea that would be, given some governments/courts(mostly in the UK so far I believe) already seem to be entertaining the idea of ‘thought crimes’. They really don’t need more encouragement to head down that path, do they?
Re: Re: Learn telepathy...
Let’s just hope Tom Cruise is still around to save us.
Re: Re: Re: Learn telepathy...
Ha! Tom Cruise is working for them, not us. Besides, if anyone develops a way to crack telepathy “encryption” it’ll be the Scientologists.
Re: Re: Re: Learn telepathy...
Sorry but could we all just hope that Tom ‘Thumb’ Cruise will Not ‘still be around’ at all.
Re: Re: Learn telepathy...
If I know telepathy, I’d use it to make them see naked, ugly women all the time, so they can’t do anything.
Old School
When I was younger, my friends and I would use Dixie cups and a really long string to communicate. We were always baffled by the stranger in our house who brought his own Dixie cup and sat between us. But now I know it was the NSA ensuring my safety. Thank You NSA agents who made sure I was safe from terror by listening into our Dixie cup conversation. Because of you the Boogey man only attacked me twice.
Re: Old School
Only twice? The NSA says they protected you from Boogey Man plots 54 times.
Re: Re: Old School
And that explains why there was always a goat staked outside the bedroom.
Re: Re: Re: Old School
100 internets for the Jurassic Park reference! XD
Re: Old School
I will steal your comment, copy it, edit it, and
put it on old tee-shirts for sale at $1.00 each.
I plan to make gillions of yuan and not give you
a thing.
Electronic means of communication is to the point of pretty much everything used by the public is no longer guaranteed private. If you want a private conversation take it to the farmer’s field with nothing in the pockets. Walking out in the middle of the field is most likely more secure.
Re: Re:
Walking out to the middle of a field could be suspicious behaviour, and is not proof against shotgun microphones. A quiet conversation in a noisy environment, away from any possible microphones is better, like playing loud music in the room, with speakers close to any windows to defeat listening by a laser on the window.
Re: Re: Re:
“Walking out to the middle of a field could be suspicious behaviour”
Actually, that is a sign of a good farmer.
– Outstanding in their field –
Re: Re: Re: Re:
Okay, dad, get off of techdirt.
You and your dad jokes.
Re: Re: Re:
Two words: parabolic microphone.
Re: Re:
walking in bullshit to avoid bullshit . . irony at its best
Ciphering indication
How do you really know that your phone is using encryption at all? The answer is: you don’t. Few phones show a “ciphering indication” to the user, and even for these, the carrier can suppress the ciphering indication by setting a flag in the SIM.
This article talks about the A5/1 cipher. There is an even less secure cipher, A5/2. According to Wikipedia, “[…] the 3GPP has approved a change request to prohibit the implementation of A5/2 in any new mobile phones. If the network does not support A5/1, or any other A5 algorithm implemented by the phone, then an unencrypted connection can be used.” Of course, if that happens, you will not know due to the lack of a ciphering indication.
The older 2G protocols also have other problems, for instance the lack of mutual authentication making it easier to spoof a base station. If you know how to do it and are in an area with good 3G/4G coverage, it is a good idea to disable the use of the older protocols by your phone (set it to “WCDMA and LTE only” or similar). This does not fix everything, but is a good first step.
Re: Ciphering indication
“How do you really know that your phone is using encryption at all?”
How do you know they are not listening and watching even when the device is (supposedly) turned off?
Re: Re: Ciphering indication
Faraday cage.
?
Physics.
Re: Re: Re: Ciphering indication
I like this game.
How do you know that there is not a caching system waiting to get a signal when it is turned on that sends the collected data?
Re: Re: Re:2 Ciphering indication
haha – good one
Re: Re: Re: Ciphering indication
I prefer the term ‘no-room’
I am all for the NinjaTel Vans to start appearing everywhere.
VOIP using ZRTP encryption is pretty secure.
Re: Re:
Only if you and the people you talk to control the keys. If a third party controls the keys, assume that they will give them to governments so that they can remain in business and out of jail.
Re: Re: Re:
The whole point of ZRTP is that you and the people you talk to control the keys.
There are no private conversations unless you are in the wilderness, far away from technology.
“it seems safe to assume that if you want to have a truly private conversation, you shouldn’t use a phone.”
Or you can speak a foreign language since no one working for the government seems to have the merit to do so.
Then again I guess they can hire a translator. My theory, fire the worthless monolinguals and keep the translators since everyone in the intelligence community should be at least bilingual and the monolinguals are simply a deadweight to taxpayers. Hiring predominantly monolingual English speakers simply biases the spying against English speaking Americans while reducing the extent that foreign language speakers get spied on which isn’t fair to English speakers who are, allegedly, less likely to be terrorists anyway, right?
Living in a Society of Fear
The dystopian fantasies of yesteryear are now a reality. We’ve allowed the coming of an age where the civil liberties our forefathers fought so hard for are being eroded by the day. Freedom of Press, Freedom of Speech and Freedom of Assembly are mere ghostly images of their original intent. We’ve woken up to an Orwellian Society of Fear where anyone is at the mercy of being labeled a terrorist for standing up for rights we took for granted just over a decade ago. Read about how we’re waging war against ourselves at http://dregstudiosart.blogspot.com/2011/09/living-in-society-of-fear-ten-years.html
Re: Living in a Society of Fear
I remain unafraid. I encourage everyone to join me.
A lot of people don’t realize this, but the codec used in the landline network (uLaw) is pretty capable; it’s basically the equivalent to 14-bit linear PCM.
This is important because you can use basically any form of encryption or obfuscation radio people have implemented, so long as it fits into a 4 kHz channel. The “speech optimized” CELP algorithms used in cellular phones by contrast make this impossible. So while cell phones are certainly not as secure as they should be, this isn’t an inherent bottleneck in the entire network.
Stop Saying "Will Surprise No One"
Mike,
You do great work in fighting for our freedoms, of late, specifically the 4th.
However, every time anyone uses some reductive lingo like:
“surprising no one”
“in a move we all expected”
“Duh”
“obviously”
…it actually changes the tone of the discussion from one of discuss to one of inevitability. People are already far too apathetic, and a sense of futility just feeds that apathy. We should use language more like:
“constitutional shocker”
“What’s next?”
“Now this is awful”
“confirming your worst fears”
Now, I KNOW YOU are disgusted, and that you believe you can play a role in change. So be sure to use language that shows it.
zrtp is just a choice
calling via any zrtp enabled provider – or – via xvoice.eu for example is a good “secure calls” solution
i like that one a lot. good show!