This week brought some bad news for mobile phone users. German security expert Karsten Nohl showed how easy it is to eavesdrop on GSM-based (Global System for Mobile Communications) cell phones, including those used by AT&T and T-Mobile customers in the U.S.
Nohl, who has a doctorate in computer engineering from the University of Virginia, made headlines last year publicizing weaknesses in wireless smart card chips used in transit systems around the globe.
(Credit: Kingsley Liu)
CNET interviewed Nohl via e-mail on Thursday about his latest work and what the implications are for the more than 3 billion GSM mobile phones worldwide, representing about 80 percent of the market, according to the GSM Alliance.
Q: You made quite a splash at the Chaos Communication Congress hacker conference in Berlin this week. What happened?
Nohl: We showed that GSM, the widely used cell phone standard, is insecure, and explained how your neighbor might already be listening in on your calls. After GSM's security was declared outdated several times before, we were the first to make tools available for people to verify its insecurities.
Q: In August you launched an open-source, distributed computing project designed to crack GSM encryption and compile it into a code book that can be used to eavesdrop on calls. Is this week's announcement related to that?
Nohl: Yes, at the conference a code book was released--a data set previously only available to well-funded organizations. This code book has been computed in just a few months thanks to many volunteers on the Internet.