GSM(Global System for Mobile Communications) network are protected by a 20-year old security algorithm known as A5/1 which is no longer secure. Recently, the same researcher who revealed the weakness in GSM network claims that the encryption in GPRS is no longer secure as well.
Karsten Nohl, chief scientist of Berlin-based Security Research Labs, will show how to crack the encryption that is meant to protect information sent over General Packet Radio Service (GPRS).
Nohl and his group said that they intended to release his instructions at a conference of the Chaos Computer Club, a computer hackers’ group, which is being held near Berlin in Finowfurt, Germany. They will describe how to convert a Motorola C-123 cellphone, which is designed to run open-source software, into an interception device. But he said he would not release the keys to unlock the encryption used by operators to secure GPRS networks.
Many operators continue to run unencrypted data networks because it allows them to more easily filter out services like Skype, filter viruses and monitor all types of traffic.
According to Nohl’s group, the only way to protect the network is to implement better authentication among devices and base stations communicating over GPRS. The ciphers used by the standard should be improved as well.
The GSM Association, an organization that regulates GPRS as well as GSM has not made any comment on this issue.
[Source]- The New York Times
P.s: How much efforts have Celcom, DiGi & Maxis taken to ensure that our mobile networks are secure?