Forbes has an excellent interview with Karsten Nohl: Codebreaker Karsten Nohl: Why Your Phone Is Insecure By Design, Andy Greenberg, Forbes, 12 August 2011.
Nohl’s findings aren’t only meant to demonstrate that Nohl is an uber-skilled codebreaker. He argues that his work shows, more importantly, that phone encryption is made to be broken. Whether intentionally or unintentionally, he says, GPRS included flaws that its designers must have known about.
[Added 21 August] The Economist’s Babbage Blog also has an interesting article summarizing Karsten’s work on mobile phone security over the past few years: Living on the EDGE, 18 August 2011.
Dr Nohl stresses that the 11 minutes was just a first pass at writing the cracking software, and that his group used only modest equipment with no financial motive. Criminals, by contrast, could benefit mightily from accelerating the crack, he says, one reason his group has refrained from expounding the technique in detail. It has, however, pointed to some specific holes which ought to be plugged. The group found some networks disabled all security features, relying on the highly misguided notion that traffic could not be easily intercepted except by mobile operators. Having no security from the phone to a base station on a mast makes it easier to filter and monitor traffic.
In 2009 Dr Nohl and colleagues pointed out significant weaknesses to the base GSM standard. Their new attack focuses on General Packet Radio Service, better known as GPRS—a modest improvement to GSM—introduced commercially in 2000. GPRS allows rates of tens of kilobits per second (Kbps), while a subsequent tweak known as EDGE allows downstream rates of 200 to 400 Kbps. GPRS and EDGE are commonly referred to as 2.5G, sitting in between 2G and 3G network speeds.