In News That Will Surprise No One, NSA Has Cracked Mobile Phone Encryption To Listen In On Calls

from the duh dept

One of the latest reports from the Snowden documents over at the Washington Post falls more into the "well, duh" category than many previous reports. The NSA has easily cracked the A5/1 encryption used to encrypt mobile phone conversations on many GSM mobile networks. Of course A5/1 has been around forever, and others have shown that it's not particularly secure for quite some time. But, it's just a reminder that, yes, of course, the NSA could listen in on calls. Some networks do use more modern encryption, which is much harder for the NSA to crack, and it sounds like the recent revelations are leading at least some mobile operators to upgrade the encryption on their network. Still, at this point, it seems safe to assume that if you want to have a truly private conversation, you shouldn't use a phone.


Reader Comments (rss)

(Flattened / Threaded)

  •  
    icon
    silverscarcat (profile), Dec 16th, 2013 @ 1:41am

    Learn telepathy...

    Then they can't listen in without you knowing.

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      Ninja (profile), Dec 16th, 2013 @ 1:46am

      Re: Learn telepathy...

      Until it becomes a common communications method and they develop devices to read them. Not that they can read thoughts yet. Right.

       

      reply to this | link to this | view in chronology ]

    •  
      icon
      That One Guy (profile), Dec 16th, 2013 @ 2:52am

      Re: Learn telepathy...

      I'm not sure how smart an idea that would be, given some governments/courts(mostly in the UK so far I believe) already seem to be entertaining the idea of 'thought crimes'. They really don't need more encouragement to head down that path, do they?

       

      reply to this | link to this | view in chronology ]

      •  
        identicon
        Anonymous Coward, Dec 16th, 2013 @ 4:05am

        Re: Re: Learn telepathy...

        Lets just hope Tom Cruise is still around to save us.

         

        reply to this | link to this | view in chronology ]

        •  
          identicon
          Anonymous Coward, Dec 16th, 2013 @ 5:31am

          Re: Re: Re: Learn telepathy...

          Ha! Tom Cruise is working for them, not us. Besides, if anyone develops a way to crack telepathy "encryption" it'll be the Scientologists.

           

          reply to this | link to this | view in chronology ]

        •  
          identicon
          NOT APPLICABLE, Dec 16th, 2013 @ 6:02am

          Re: Re: Re: Learn telepathy...

          Sorry but could we all just hope that Tom 'Thumb' Cruise will Not 'still be around' at all.

           

          reply to this | link to this | view in chronology ]

      •  
        icon
        silverscarcat (profile), Dec 16th, 2013 @ 5:41am

        Re: Re: Learn telepathy...

        If I know telepathy, I'd use it to make them see naked, ugly women all the time, so they can't do anything.

         

        reply to this | link to this | view in chronology ]

  •  
    identicon
    Capt ICE Enforcer, Dec 16th, 2013 @ 3:50am

    Old School

    When I was younger, my friends and I would use Dixie cups and a really long string to communicate. We were always baffled by the stranger in our house who brought his own dixie cup and sat between us. But now I know it was the NSA ensuring my safety. Thank You NSA agents who made sure I was safe from terror bu listening into our Dixie cup conversation. Because of yoi the Boogey man only attacked me twice.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Dec 16th, 2013 @ 4:18am

    Electronic means of communication is to the point of pretty much everything used by the public is no longer guaranteed private. If you want a private conversation take it to the farmer's field with nothing in the pockets. Walking out in the middle of the field is most likely more secure.

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous Coward, Dec 16th, 2013 @ 4:37am

      Re:

      Walking out to the middle of a field could be suspicious behaviour, and is not proof against shotgun microphones. A quiet conversation in a noisy environment, away from any possible microphones is better, like playing loud music in the room, with speakers close to any windows to defeat listening by a laser on the window.

       

      reply to this | link to this | view in chronology ]

    •  
      identicon
      NOT APPLICABLE, Dec 16th, 2013 @ 6:05am

      Re:

      walking in bullshit to avoid bullshit . . irony at it's best

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Dec 16th, 2013 @ 5:18am

    Ciphering indication

    How do you really know that your phone is using encryption at all? The answer is: you don't. Few phones show a "ciphering indication" to the user, and even for these, the carrier can suppress the ciphering indication by setting a flag in the SIM.

    This article talks about the A5/1 cipher. There is an even less secure cipher, A5/2. According to Wikipedia, "[...] the 3GPP has approved a change request to prohibit the implementation of A5/2 in any new mobile phones. If the network does not support A5/1, or any other A5 algorithm implemented by the phone, then an unencrypted connection can be used." Of course, if that happens, you will not know due to the lack of a ciphering indication.

    The older 2G protocols also have other problems, for instance the lack of mutual authentication making it easier to spoof a base station. If you know how to do it and are in an area with good 3G/4G coverage, it is a good idea to disable the use of the older protocols by your phone (set it to "WCDMA and LTE only" or similar). This does not fix everything, but is a good first step.

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous Coward, Dec 16th, 2013 @ 5:25am

      Re: Ciphering indication

      "How do you really know that your phone is using encryption at all?"

      How do you know they are not listening and watching even when the device is (supposedly) turned off?

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Dec 16th, 2013 @ 5:27am

    I am all for the NinjaTel Van's to start appearing everywhere.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Dec 16th, 2013 @ 5:45am

    VOIP using ZRTP encryption is pretty secure.

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous Coward, Dec 16th, 2013 @ 7:00am

      Re:

      Only if you and the people you talk to control the keys. If a third party controls the keys, assume that they will give them to governments so that they can remain in business and out of jail.

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Dec 16th, 2013 @ 6:48am

    There are no private conversations unless you are in the wilderness, far away from technology.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Dec 16th, 2013 @ 7:39am

    "it seems safe to assume that if you want to have a truly private conversation, you shouldn't use a phone."

    Or you can speak a foreign language since no one working for the government seems to have the merit to do so.

    Then again I guess they can hire a translator. My theory, fire the worthless monolinguals and keep the translators since everyone in the intelligence community should be at least bilingual and the monolinguals are simply a deadweight to taxpayers. Hiring predominantly monolingual English speakers simply biases the spying against English speaking Americans while reducing the extent that foreign language speakers get spied on which isn't fair to English speakers who are, allegedly, less likely to be terrorists anyway, right?

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Brandt, Dec 16th, 2013 @ 12:10pm

    Living in a Society of Fear

    The dystopian fantasies of yesteryear are now a reality. We’ve allowed the coming of an age where the civil liberties our forefathers fought so hard for are being eroded by the day. Freedom of Press, Freedom of Speech and Freedom of Assembly are mere ghostly images of their original intent. We’ve woken up to an Orwellian Society of Fear where anyone is at the mercy of being labeled a terrorist for standing up for rights we took for granted just over a decade ago. Read about how we’re waging war against ourselves at http://dregstudiosart.blogspot.com/2011/09/living-in-society-of-fear-ten-years.html

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Dec 16th, 2013 @ 2:15pm

    A lot of people don't realize this, but the codec used in the landline network (uLaw) is pretty capable; it's basically the equivalent to 14-bit linear PCM.

    This is important because you can use basically any form of encryption or obfuscation radio people have implemented, so long as it fits into a 4 khz channel. The "speech optimized" CELP algorithms used in cellular phones by contrast make this impossible. So while cell phones are certainly not as secure as they should be, this isn't an inherent bottleneck in the entire network.

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    Derek Kerton (profile), Dec 17th, 2013 @ 10:04am

    Stop Saying "Will Surprise No One"

    Mike,

    You do great work in fighting for our freedoms, of late, specifically the 4th.

    However, every time anyone uses some reductive lingo like:
    "surprising no one"
    "in a move we all expected"
    "Duh"
    "obviously"

    ...it actually changes the tone of the discussion from one of discuss to one of inevitability. People are already far too apathetic, and a sense of futility just feeds that apathy. We should use language more like:

    "constitutional shocker"
    "What's next?"
    "Now this is awful"
    "confirming your worse fears"

    Now, I KNOW YOU are disgusted, and that you believe you can play a role in change. So be sure to use language that shows it.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Dennys, Dec 17th, 2013 @ 10:45am

    zrtp is just a choise

    calling via any zrtp enabled provider - or - via xvoice.eu for example is a good "secure calls" solution

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Dec 17th, 2013 @ 1:17pm

    i like that one a lot. good show!

     

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This