Our most popular phone technologies use decade-old proprietary cryptography. GSM's 64-bit A5/1 cipher, for instance, is vulnerable to time-memory trade-offs, but commercial cracking hardware costs hundreds of thousands of dollars. We discuss how cryptographic improvements and the power of the community created an open GSM decryption solution that runs on commodity hardware. Besides GSM, we discuss weaknesses in DECT cordless phones. The talk concludes with an overview of mitigation steps for GSM and DECT in response to our research, some of which are already being implemented.
Karsten Nohl unifies the worlds of scientific research, hacking laboratories, and corporate risk management in executing high-impact security projects. His research focuses mainly on privacy protection in popular technologies such as RFIDs and phones. His hacking projects disclose and usually break proprietary cryptography. Through his consulting projects, Karsten designs 'secure enough' technologies in private and public applications.