GSM Goes Nekkid

So… looks like Karsten Nohl went through with one of the most pervasive open source experiments in IT history. The GSM A5/1 encryption algorithm is now cracked, code books have been generated, real-time decryption and snooping is now a distinct possibility using off-the-shelf hardware (ATI/Nvidia/IBM-Tosh PS3 Cell Procesors/USRP2)  and open source software (Asterisk, OpenBTS).

Assuming that Karsten’s statements are true, the GSMA is going to have their hands full defending and mitigating fallout from this eventuality: The result of Karsten’s decision could lead to progress in other areas of IT:

The downside is obvious:

One can hope this doesn’t end up doing harm. By exposing a security through obscurity’ vulnerability, Karsten has done the morally correct thing. But I fear that any malicious use of this source code will tarnish the reputation of open source even though such lapses are likely to be prevalent in the closed source ecosystem.

Let’s see how this turns out.