Kenyan mobile service providers are grappling with a new year’s challenge that could see over a decade’s work in building expensive networks compromised.
They are mulling the implications of last week’s discovery by a group of hackers of a new, cheap and easy method of intercepting calls on mobile networks.
The development, made public last week at a hackers conference in Berlin, exposes the calls of over three billion mobile phone subscribers around the world to interception and could mean that mobile operators would be forced to overhaul their networks to protect the integrity of their subscribers’ calls.
A network revamp would mean a reconfiguration of 80 per cent of the base stations in use in Kenya, an unanticipated cost factor that would challenge the sector.
Calls made on 3G phones are protected by a more secure code and would not be affected by the development.
Safaricom —which commands 78 per cent of Kenya’s 17 million subscriber market — said it was examining its options but would be looking to the world’s GSM standards body, the GSM Association (GSMA), for direction, in line with other operators around the world.
The firm and its rivals in the market spent billions last year expanding networks. The GSMA has, however, down played the threat, saying it is confident about the capabilities of its code, developed 21 years ago.
“A hacker would need a radio receiver system and the signal processing software necessary to process the raw radio data. The complex knowledge required to develop such software is subject to intellectual property rights, making it difficult to turn into a commercial product,” said the association in a statement on the recent developments. A similar breach forced the association to compel GSM operators in Africa to upgrade their security systems by using a stronger form of encryption in 2004. Local operators will be keen to monitor the situation which could translate to an increase in operational costs. As most operators are already operating on slimmer profit margins due to rising competition and the soaring cost of energy, the development would put a dent in profits in the coming year.
Mr Karsten Nohl, a German encryption expert, last week cracked the code that protects mobile calls from being overheard using simple radio receivers.“This vulnerability should have been fixed 15 years ago. People should now try it out at home and see how vulnerable their calls are,” he told a Berlin conference. Mr Nohl has since published his findings on the web, where they are freely available for anyone to download and implement if they buy a simple receiver which costs Sh75,000. The move is significant as it lowers the entry barrier for hackers, who prior to the development would have had to have extensive technical knowledge before intercepting calls.
Mr Nohl said he hoped to demonstrate the weaknesses of the security measures protecting GSM networks and to push mobile operators to improve their systems. GSM networks use encryption technology to make it difficult for criminals to intercept and eavesdrop on calls. On most GSM networks, the communications link between the handset and the radio base station uses a set frequency, or privacy algorithm known as A5/1. The GSMA said over the past few years, a number of academic papers have been published spelling out, how in theory the A5/1 algorithm could be compromised.
But none has led to a practical attack capability that can be used on live commercial GSM networks.
Mobile networks are today typically configured to optimise call set-up times, capacity and other aspects related to operational efficiency.
“Mobile operators could, if it ever proved necessary, quickly alter these configurations to make the interception and deciphering of calls considerably harder,” said the GSMA.
Moreover, intercepting a mobile call is likely to constitute a criminal offence in most jurisdictions.
The GSMA said the mobile industry was committed to maintaining the integrity of GSM services and the protection and privacy of customer communications is at the forefront of operators’ concerns.
“The GSMA has been working to further enhance privacy protection on GSM networks and has developed a new high-strength algorithm, A5/3.
Over the past decade, export control agencies have removed many of the traditional barriers to the sale of cryptographic technologies enabling the development and use of A5/3. This new privacy algorithm is being phased in to replace A5/1,” it said.