Hacker Cracks Security Code That Protects Cell Phone Calls

A German hacker claims to have cracked the encryption that protects most cellphone calls, potentially paving the way for others to eavesdrop on conversations.

The claim, if true, could pose a threat to many wireless carriers who have used essentially the same security on their networks for years.

The hacker, Karsten Nohl, says he and a small team broke the encryption code for networks on GSM technology, which makes up more than 80% of the world's cellular networks, to show how vulnerable they are and to make carriers more serious about security. He is expected to demonstrate Wednesday.

In the U.S., AT&T and T-Mobile run on GSM technology. Rivals Verizon Wireless, a joint venture of Verizon Communications and Vodafone, and Sprint Nextel Corp. operate on a competing technology called CDMA. An AT&T spokesman declined to comment. A spokesman for Deutsche Telekom said it is in the midst of upgrading to a new encryption algorithm as part of an overall upgrade of its German network. He declined further comment.

The GSM Association, based in London and responsible for coordinating GSM encryption around the world, said it has been monitoring the research of Mr. Nohl's team. His group's work seems to be a long way from practical attack capability and appears to be "motivated in part by commercial considerations," a GSMA spokeswoman said. His team made its first claim that it could crack the code in 2007 and again earlier this year, she said. In the meantime, the association has developed an new-generation algorithm it says further enhances privacy protection and has urged the mobile-network industry to adopt it.

For more on this story, read the full story at The Wall Street Journal.