The GSM technology used by the majority of the world’s mobile phones will get some scrutiny at this week’s Black Hat security conference, and what the security researchers there have to say isn’t pretty.

On Friday, an open source group released software that cracks the A5/1 encryption algorithm used by some GSM networks. Called Kraken, this software uses new, very efficient, encryption cracking tables that allow it to break A5/1 encryption much faster than before.

The software is a key step toward eavesdropping on mobile phone conversations over GSM (Global System for Mobile Communications) networks.

In December, the group released a set of encryption tables designed to speed up the arduous process of breaking A5/1 encryption, but the software component was incomplete. Now the software is done, and the tables are much more efficient than they were seven months ago.

…. Read more of the original article at ComputerWorld.

Following a recent crack of the simpler A5/1 standard, researchers at the Weizmann Institute of Science say they have cracked the A5/3 security cipher (nicknamed Kasumi) by using what’s known as a “sandwich” attack. The group accomplished its goal by creating a distinguishing trait for the key and using just four related keys to determine the key for Kasumi itself.

While breaking the security takes time, the approach theoretically leaves GSM more directly exposed to call interceptions and other threats. Most cellular carriers still use the lower-grade GSM quality (A5/1) as their base calling technology, but 3G/UMTS (the upgrade to GSM) uses Kasumi and is potentially exposed as well.

More information:- http://www.emergentchaos.com/archives/2010/01/another_week_another_gsm.html