We've know for a while that the A5/1 encryption used by most carriers is vulnerable to exploitation, especially since they seemed not to care at all about its vulnerabilities, but now it looks like the system has been cracked to the extent that the U.S. National Security Agency (NSA), and presumably other intelligence agencies around the world, can listen in on and read our private conversations and text transmissions. The Washington Post:
The extent of the NSA’s collection of cellphone signals and its use of tools to decode encryption are not clear from a top-secret document provided by former contractor Edward Snowden. But it states that the agency “can process encrypted A5/1” even when the agency has not acquired an encryption key, which unscrambles communications so that they are readable.
Experts say the agency may also be able to decode newer forms of encryption, but only with a much heavier investment in time and computing power, making mass surveillance of cellphone conversations less practical.
A5/1 was originally devised in the 1980s for 2G GSM radio, and while many carriers now provide 3G voice channels, they still fall over into 2G often enough for it to be problematic. WaPo states that 80% of worldwide calls still use the old, or no, encryption. The leaked documents do not provide any information on CDMA network vulnerabilities.
There's no Voice over LTE (VoLTE) yet, but when that technology gets deployed, better encryption should proliferate along with it. A5/3, for example, requires 100,000 times the compute power to attack. AT&T already provides better encryption on 3G, but will be upgrading "parts" of its 2G network to A5/3 as well.
Regardless of how you feel about government surveillance, these exploits never remain solely in the hands of governments, or of people who we would trust with our private conversations, texts, and data. Should the carriers be doing more? Should the manufacturers and service providers be doing more? How important is your privacy?
Reader comments
Thanks to outdated encryption, NSA, other security agencies, can reportedly intercept private cellphone calls and texts
There should be a clause in our 2 year contract that states for the price we are paying we should be exempt from spying, but I'm sure it's legally phrased in such a way as to bend us over the table for the NSA. Oh joy.
xP
Sent from the iMore App
So you believe that the NSA is spying on you through phone calls and texts. Out of all the people int he world, you're one a the chosen ones. My, what an interesting life you must lead.
[put in tin foil hat]
They are watching each and every one if us.
[looks over left shoulder]
They let the terrorists cause trouble to bolster justification of such government organizations.
[puts tape over FaceTime camera]
They've been monitoring my sarcasm, this, whole, time...
Sent from the iMore App
nsa has been spying on us and listening to our phones and emails and everything just in case we're saying terrorist stuff this isn't new
I'm sure there can be more to be done. This is a hard situation and kind of for both. How I don't want my data to be watched. I'm make me concern with when they are not able to catch these terrorists because of so much privacy. I don't have anything to hide and I want them to be able to find the bad guys as well. But I guess it also protects us from hackers as we'll. something to think about it for sure.
Sent from the iMore App
That kind of looks like a White Z10....
Sent from the iMore App
nsa spying everyone ....
Sent from the iMore App