The security of the most widely used standard in the world for transmitting mobile phone calls is dangerously flawed, putting privacy and data at risk, two researchers warned at the Black Hat conference in Europe last week.

Researchers David Hulton and Steve Muller showed at Black Hat in the U.S. last month how it was possible to break the encryption on a GSM (Global System for Mobile Communications) call in about 30 minutes using relatively inexpensive off-the-shelf equipment and software tools. The hack means they could listen in on phone calls from distances of up to 20 miles (32 kilometers) or farther away.

Since 1991 when GSM networks debuted, the integrity of their security has declined as researchers probed. In 1998, the A5/1 and the A5/2, a weaker stream cipher, were broken.

Commercial interception equipment is available(NSA anyone) now to eavesdrop on calls, which can cost up to US$1 million. Hulton and Muller were game for a challenge and wanted to do it more cheaply. For around $700 they bought a Universal Software Radio Peripheral, which can pick up any kind of frequency up to 3GHz.

And now they're planning to commercialize the technique, although Hulton said they will vet buyers.

said by TKJunkMail :

»news.yahoo.com/s/pcworld/2008033···d/143969