The New York Times reports that the code book has been published by Nohl using BitTorrent and similar services. He shied away from publishing it on a website and providing a link to the public because of the possibility of being sued and/or persecuted. He previously announced his plan to crack the GSM encryption at the HAR conference in August.
The G.S.M. Association is, of course, not satisfied with this development, although they are of the opinion that the issue doesn't deserve the alarmist titles it got in the media. “This is theoretically possible but practically unlikely,” said their spokeswoman.
The encryption key isn't the only thing that you have to have to gain access to other people's phone conversations. You also need the specific hardware and software to identify the particular call from the other thousands that are transmitted through the same cellphone station, and that is no easy feat since during the conversation the digital call switches between 60 broadcast frequencies.
And also, there is another very simple solution that can resolve this issue for the time being: the network operators could switch to the A5/3 algorithm (the 128-bit successor of the current 64-bit A5/) that has been developed in 2007 and is today used on third-generation networks.
Reading our newsletter every Monday will keep you up-to-date with security news.
Receive a daily digest of the latest security news.