Those naughty pictures you're emailing and texting from your iPhone? Hackers can see them.
German mobile security researcher Karsten Nohl planned Wednesday to show how anyone could tap into voice and data transmissions on GSM cellphones, thanks to weak or nonexistent encryption by cellular carriers.
"The interception software to be released tomorrow puts GPRS operators with no encryption at an immediate risk," Nohl told the British tech blog The Register.
Nohl has cracked the encryption algorithm used by most carriers in Europe, but won't be revealing it to the public. He said the encryption was so weak that he and a colleague were able to crack it using an outdated Motorola C-123 cellphone.
All four of the German wireless carriers Nohl and his colleague tested used the weak encryption algorithm, but two out of three Italian carriers used no encryption at all.
The software Nohl planned to release today at the Chaos Communication Camp conference in Berlin would permit anyone to tap into only unencrypted transmissions.
Nohl told The New York Times he had also tested wireless networks in other European countries, but would not identify them.
GPRS, or general packet radio service, is the second-generation, or "2G," voice and data transmission technology used by cellphones using the nearly universal GSM standard.
GSM phones using "3G" or "4G" technology will often "drop down" to the slower GPRS technology in areas of weak coverage, such as rural areas or urban or suburban "dead zones."
The New York Times cited Canada's Rogers Communications as saying that 90 percent of GSM traffic worldwide runs under GPRS.
(In the United States, AT&T Mobility and T-Mobile use GSM. The other major carriers use CDMA, a different standard.)
Nohl told the Times that wireless carriers have their own reasons for running GPRS transmissions without encryption.
"Operators want to be able to monitor traffic, to detect and suppress Skype, or to filter viruses, in a decentralized fashion," he said. "With encryption switched on, the operator cannot 'look into' the traffic anymore."
Nohl, a former graduate student at the University of Virginia who now runs his own company in Berlin, has been a thorn in the side of GSM wireless carriers for a few years.
In 2009, he spurred the development of a 2-terabyte-size "rainbow table" — a database used by pattern-analyzing software to decrypt encrypted messages — to crack GSM transmission security. He's also been part of a team that has figured out hard-wired encryption algorithms just by looking at the chips involved.
He told both the Times and the Register that he hoped his presentation would force wireless carriers to adopt stronger encryption protocols, and in the case of the Italian carriers, to begin using any form of encryption.