Two security researchers demonstrated a way to crack cellular phone encryption during this week’s Black Hat security conference in DC:
David Hulton and Steve Muller demonstrated a new technique for cracking the encryption used to prevent eavesdropping on global system for mobile communications (GSM) cellular signals, the type of radio frequency coding used by major cellular service providers including AT&T, Cingular and T-Mobile. Combined with a radio receiver, the pair say their technique allows an eavesdropper to record a conversation on these networks from miles away and decode it in about half an hour with just $1,000 in computer storage and processing equipment.
Hulton, director of applications for the high-performance computing company Pico, and Muller, a researcher for mobile security firm CellCrypt, plan to make their decryption method free and public. In March, however, they say they’ll start selling a faster version that can crack GSM encryption in just 30 seconds, charging between $200,000 and $500,000 for the premium version.
Who will be the customers for their innovative espionage technique? Hulton and Muller say they aren’t sure yet. But they plan to offer the method to companies that will integrate it with radio technology, not sell it directly to the law enforcement and criminal customers who will undoubtedly be interested in putting it to use. “We’re not creating the technology that does the interception,” Muller says. “All this does is crunch data.”