A little behind getting this week up…
I mentioned the work of Karsten Nohl to expose how insecure cell phones really are back in 2009. It’s great work since many people assume cell phones are secure, while they likely aren’t nearly as secure as one would think or hope. He’s done a lot more since then as The Register reports:
“The interception software to be released tomorrow puts GPRS operators with no encryption at an immediate risk,” he told The Register on Tuesday evening. “All other GPRS networks are affected by the cryptanalysis that will be presented but not released at tomorrow’s conference. Those operators will hopefully implement stronger encryption in the time it takes others to re-implement our attacks.”
As the article goes on to say, most use none or weak encryption.
In 2010, he bundled many of the various tools he helped develop into a comprehensive piece of software that gave amateurs the means to carry out many of the attacks. That same year, other cryptographers cracked the encryption scheme protecting 3G phone calls before the so-called Kasumi cipher had even gone into commercial use.
So your best bet to make a secure call right now is to use Skype on a smart phone. So far it doesn’t seem anyone has cracked Skype’s security. If Skype has a backdoor or known vulnerabilities is questionable. If they were considered a phone company (they insist they aren’t) they would be subject to CALEA.
Bottom line: Don’t assume a cell phone call is secure.