Researchers question mobile phone security

The mobile phone industry last month unveiled its latest set of security protocols, but some researchers are arguing more work is needed to improve the existing system.

As so-called mobile phone hacking returns to the news, the security algorithms developed for the new 4G LTE (Long Term Evolution) network are being scrutinised online by members of the communications community.

However, it’s likely to be years before the more secure 4G protocols benefit the general population as most mobile phone users are still connected to the 2G network and use a system of algorithms first created in the late 1980s.

A code book, plus a ‘beefy gaming computer and $3,000 worth of radio equipment’ could be used to crack A5/1 algorithm encryption

While recent allegations made against reporters at the News of the World under the editorship of Andy Coulson refer to the unauthorised use of PINs and passwords rather than the interception of calls, the affair raises the issue of whether enough is being done to secure current mobile communications.

The main way of preventing people tapping into mobile phone lines is by encrypting the transmission using a cipher. Each handset uses its own ciphering key along with a standard algorithm to create a signal that only the network can read.

Several academics have published details of attacks on the A5/1 algorithm, which encrypts traffic under the GSM standard used by most mobile phones, in order to highlight what they see as the vulnerability of the system.

The latest, Berlin-based cryptographer Karsten Nohl, developed a code book that he said could be used with a ‘beefy gaming computer and $3,000 worth of radio equipment’ to crack the encryption.

Nohl told The Engineer that the mobile phone industry had been very slow to react to the problem. ‘The GSM network has some improvement potential that was specified more than two years ago,’ he said. ‘Unfortunately none of the network operators have installed this software patch yet.’

Simon Bransfield-Garth, chief executive of personal phones security firm Cellcrypt, said the cost of equipment and software to carry out interception had come down dramatically. ‘If someone was determined, it’s now orders of magnitude easier to intercept calls than it was three years ago.’

But crucially, he added, people in the UK were reasonably immune to attacks because strong rule of law, lack of corruption and privacy laws made the network much more secure than in some Latin American and Asian countries.

Despite the published theories, ‘none to date have led to a practical attack capability being developed that can be used to eavesdrop on live, commercial GSM networks’, according to James Moran, head of security for the GSM Association of nearly 800 mobile phone operators.

He told The Engineer that all of the industry’s infrastructure suppliers have been delivering equipment with the updated algorithm for some time. ‘Handset manufacturers have also started to deploy A5/3 in their latest product lines and over a period of time support for the algorithm will become more widespread.’

Nigel Smart, professor of cryptography at Bristol University, said he wouldn’t be surprised if even the new 4G algorithms were broken within the next 15 years, but that intercepting mobile phone calls still wasn’t a practical option.

‘To be able to capture the amount of data from a phone call… analyse it, break the algorithm, recover the key, and decrypt the voice call is so complicated no one’s ever going to do it,’ he said.

It would be much easier to monitor someone’s communications by trying to guess their voicemail PIN or account password, or even by physically tapping their landline, he added.

However, if further improvements in technology meant interception did become a problem, the methods of fixing it would be complicated. ‘There is a structural problem in the industry where nobody even knows who would be in charge of doing the things that need to be done,’ said Nohl.

He compared the industry to the internet in the 1990s when viruses first became a widespread issue and users were forced to turn to personal software because operating systems were not secure enough.

‘There is no one company like Microsoft that can be put in charge to fix all the problems – the ball is being thrown back and forth between organisations such as the GSMA, the mobile operators and the equipment manufacturers… It’s not a well-maintained technology that receives regular updates.’