German Academic Hacks GSM Cellphone Encryption

In the U.S., AT&T Inc. and Deutsche Telekom AG's T-Mobile run on GSM technology. Rivals Verizon Wireless, a joint venture of Verizon Communications Inc. and Vodafone PLC, and Sprint Nextel Corp. operate on a competing technology called CDMA. An AT&T spokesman declined to comment. A spokesman for Deutsche Telekom said it is in the midst of upgrading to a new encryption algorithm as part of an overall upgrade of its German network. He declined further comment.

*****

Mr. Nohl has published data online that he says is key to undoing encryption protecting phone calls. The size of the data and the computing power needed mean hackers likely won't be able to eavesdrop on conversations at will, analysts say. Instead, they would have to be selective about which calls they try to break. "It's likely going to be used for the corporate-espionage kind of thing," says Stan Schatt, a security analyst at ABI Research. "In practical terms, it means hanging out in the parking lot of Google or somewhere and targeting executives with cellphones."

*****

In an interview, Mr. Nohl said the security loophole has been exploited for years by criminals using technology that previously cost several hundred thousand dollars. Mr. Nohl, who has a doctorate in computer science from the University of Virginia and works as a McKinsey consultant, said his research has "made it much cheaper to hack into mobile-phone networks." A so-called white-hat hacker, he says he took on the project for academic reasons only and has no intentions of eavesdropping on calls himself.