A German computer boffin has worked out a way to crack code used to encrypt most of the world’s mobile Internet traffic.
Karsten Nohl is going to publish a guide to prompt global operators to improve their safeguards.
Iti s not the first time that Nohl has hit the headlines for doing this sort of thing. In 2009 he published the algorithms used by mobile operators to encrypt voice conversations on digital phone networks.
Now he and his chum Luca Melette, intercepted and decrypted wireless data using an inexpensive, modified, 7-year-old Motorola mobilephone, a couple of free software applications and some double sided sellotape. The pair managed to intercepted and decrypte data traffic in a five-kilometer, or 3.1-mile, radius.
His modified phone was used to test networks in Germany, Italy and other European countries. In Germany, decrypted and read data transmissions on T-Mobile, O2 Germany, Vodafone and E-Plus. This was pretty easy because the level of encryption was weak.
In Italy Telecom Italia, and Wind did not encrypt their mobile data transmissions at all and Vodafone Italia only provided weak encryption.
O2, which is owned by Telefónica of Spain, told the New York Times that it was following Nohl’s research closely and would take account his findings in its own operations.
Nohl, makes his cash working for mobile operators who hire him to detect vulnerabilities in their systems. He said that many operators run unencrypted data networks because it allows them to more easily filter out competing, unwanted services like Skype.