GPRS connections easily tapped
The New York Times reports that crypto specialist Karsten Nohl has found a way of listening to GPRS data traffic within a range of up to 5 kilometres using an old, modified Motorola C123 phone. Nohl says he intends to present details of the attack at the Chaos Communication Congress, which started earlier today (10 August) in Finowfurt, Germany.
The providers' encryption was reportedly easy to crack. GPRS uses the GPRS-A5 encryption algorithm, a variant of GSM's A5 algorithm that is specially designed for packet-oriented connections. Along with UMTS, GPRS is still a commonly used data service in mobile telephony.
Nohl reportedly told the New York Times that he recorded and decrypted transmissions in the German mobile networks of T-Mobile, O2 Germany, Vodafone and E-Plus. In his tests, encryption in Italy was apparently found to be even weaker, and some operators had no encryption at all.
Nohl said that he doesn't plan to publish any encryption keys or recordings of his findings, but that he does intend to provide the software he used for the attack. He added that he hopes that mobile telephony providers will respond by improving the encryption for GPRS. At the previous 27th Chaos Communication Congress (27C3), Nohl had demonstrated that it takes only minutes to record and decrypt mobile phone conversations on the GSM network using a modified budget phone and some open source software.