It's the world's most commonly used cell phone encyrption, and according to a new report, the NSA can crack it and decode private cell conversations.
Citing documents from NSA whistleblower Edward Snowden, The Washington Post reports the spy agency can “process” encrypted cell phone calls on 2G GSM networks — otherwise known as Global System for Mobile communications. It does so by cracking a decades old encryption technology called A5/1.
A5/1's vulnerabilities are well-known. As a writer for NBC puts it, "a modern PC would have little trouble performing the attacks."
Things is, while most cell phone carriers around the world rely this technology, the big ones in the U.S. like Verizon and Sprint do not — instead relying on more sophisticated encryption. (Via Sprint)
AT&T does use A5/1, according to the Post, but is in the process of upgrading its networks to an A5/3 encryption — a technology much harder to crack.
The NSA responded to the Post’s report with this statement: “Throughout history nations have used encryption to protect their secrets, and today terrorists, cyber criminals, human traffickers and others also use technology to hide their activities. The Intelligence Community tries to counter that ...”
The NSA has made clear it only eavesdrops on the conversations of foreign citizens, but experts warn even if the U.S. isn't decoding the private conversations of its citizens — it’s possible other nations and other hackers are.
And as Ars Technica points out, cracking A5/1 is cheaper to do than ever — costing as little as $650.
A writer at Gizmodo says more than anything it’s disconcerting that phone providers have been so slow to update their technology to prevent this from happening. “Hopefully this will be the kick carriers need to finally upgrade all their phones to encryption software that actually, well, works.”
The leaked documents don’t say whether the NSA has the ability to penetrate newer 3G and 4G GSM networks.