Now everybody can listen to your (cell) phone calls
- Branko Brkic
- 29 Dec 2009 11:11 (South Africa)
It used to be limited to just your cellphone provider, the SA government and its various branches and bureaucracies, any foreign government, any other organisation with sufficient motivation and resources, or anybody with the skills to find and bribe a couple of easily-bribed network provider employees. But as of this week, anyone with a couple of grand for equipment and two hours to spare can listen in on your cellphone calls.
If you thought your cellphone conversations were secure before, then you were, well, a damn fool. But at least your retired neighbour couldn't listen in on your calls for casual amusement, and your business rivals would have had to hire a crooked private investigator (and wait a couple of days) to get that kind of intelligence. Now, however, they'll just need some off-the-shelf hardware and the ability to use a search engine.
Or so we hear. Note that actually doing so would be illegal in South Africa and that we would never, ever, engage in such activity. Nor would we encourage you to do so. Cross our hearts.
The encryption standard used in normal GSM operation, A5/1, has been known to be vulnerable for many years, but those who cracked it kept their methods to themselves. This week the Chaos Computer Club, a German group with a history of neat hacks, published a solution, and a couple of hours later it was all over the interweb.
Using it will require a laptop or two, proximity to the cellphone you want to tap (a couple of hundred meters will be close enough), a couple of GSM modems to which you have low-level access, and a modicum of technical ability. Or the ability to find and follow detailed instructions.
The GSM Association, which is responsible for the encryption standard, says the hack is illegal (which is true, in some countries), that it is technically infeasible (which is downright false) and that phone calls are protected because there are so very many of them going on at any one time that picking out the right one is like finding a needle in a haystack. That last argument is by far the best, but is (a) cold comfort when you're supposed to have proper protection and (b) not an obstacle that is particularly hard to overcome.
A5/1 is two decades old, which is why a more secure alternative, A5/3, was finalised two years ago. It is far more robust and has no currently known vulnerabilities. It is also in use by virtually nobody anywhere in the world, because network operators haven't been willing to spend the money required for its implementation.
Our advice: go back to the landlines when the call really matters. At least those can only be listened to by the government (and its various arms), Telkom and its employees, and anybody who can lever open the local exchange box down the street and clip on a couple of wires.
By Phillip de Wet