Though the Cold War has (officially) ended, it appears not to be over, and it has spilled over into civilian life. Recently it has come to light that the NSA has cracked cellphone code, enabling it to listen to private conversations. While the White House vacillates between what is “legal” and “illegal”, cellphone users are turning to their providers for assurances that they are responding with better data encryption of cellphone technology.
The news is not that law enforcement and military units can hack into individual cellphones; it is the scale on which the NSA can do it, and is doing it. The key is the agency’s ability to crack the encryption used by most cellphones around the world. The central point is that if the NSA has cracked this code, others can and likely will do so as well; it is only a matter of time. That pivots the conversation to the real point: how strong is your cellphone carrier’s data encryption?
Encryption experts have long warned that the widely used technology, known as A5/1, is inherently vulnerable, and they have urged cellphone providers to upgrade to systems that are tougher nuts to crack. Perplexingly, the majority of these companies chose not to, even after the leak about the NSA tapping into German Chancellor Angela Merkel’s cellphone brought the matter home.
Not only do the Snowden documents reveal that the NSA “can process encrypted A5/1” without an encryption key, but experts say they believe the NSA may also be able to decode more recently developed versions of encryption, albeit with a greater expenditure of time and computing power.
Hack Day: What is and What is Not at Risk
The most vulnerable technology was developed 30 years ago but is still widely used. Specifically, second-generation (2G) GSM is easier to hack and is the predominant cellphone technology (except in the wealthiest nations). 3G and 4G networks are faster and offer better encryption. Nonetheless, weak or no encryption is used in over 80% of cellphones worldwide. And even 3G or 4G networks might carry voice calls over older frequencies that are susceptible to decoding.
Names of vulnerable carriers were not provided in the Snowden document, nor does it specify whether the NSA can decode data flows from cellular devices (typically encrypted with different technology). “If the NSA knows how to do this, presumably other intelligence agencies, which may be more hostile to the United States, have discovered how to do this, too,” according to Matthew Blaze, a University of Pennsylvania cryptology expert.
Though digital transmission and encryption are nearly universally available in the U.S., governments usually dictate which kind of encryption technology will be deployed by cellphone service providers (e.g., through such agencies as NIST). That creates a conflict of interest in a situation like the one we’re learning of now, where the agency can recommend, and has recommended, data encryption that it knows it can decode and hack into (Source: http://winmagic.com/products/enterprise-server-encryption/mobile-device-management). In other countries, including China, the situation is worse in that they feature weak encryption or none at all for their cellular communications.