New ways to make us less safe?

NSA spies on carriers to break call encryption, report suggests

The NSA spies on the internal emails and documents of major mobile carriers and their industry body, the GSM Association, according to an article published Thursday by The Intercept.

According to the piece, the spy agency is or was running a program called AURORAGOLD, which involved targeting the GSMA in order to find or even create weak spots in carriers’ network technology. If this is the case, it may be yet another example of the foolhardy breaking of widely used security mechanisms in ways that other spies and criminals can potentially also exploit.

The GSMA’s “IR.21” documents are shared between carriers to allow customers to roam internationally between their networks. According to the NSA documents published by The Intercept, IR.21s provide valuable information about new technology that the carriers are using, helping spies to figure out how to “discover vulnerabilities,” “introduce vulnerabilities where they do not yet exist” and find threats to the spies’ existing surveillance methods.

The GSMA is also a hub for the development of new cellular privacy technology. Worryingly, the article suggests that the AURORAGOLD program may have aided NSA attempts to crack A5/3, a type of encryption for cellular communications. Earlier stories based on the Snowden leaks indicated that the NSA has already cracked the older and weaker — but widely used — A5/1 cipher.

It’s not entirely clear whether or not the NSA and GCHQ have had success in cracking A5/3 yet, but some experts are worried:

As the piece noted, the U.K.-based GSMA receives funding from the U.S. National Institute of Standards and Technology (NIST), which has already had to warn companies off using one of its own security standards because Snowden’s leaks indicated the NSA had tampered with it.

GSMA spokeswoman Claire Cranton told me by email: “We are aware of the Intercept story and are currently investigating the claims made in the piece. We are unable to offer any further comment at this time.”

4 Responses to “NSA spies on carriers to break call encryption, report suggests”

  1. Joe Detracktor

    A cell phone can be stopped from tracking if it is placed in a Faraday Cage. A Faraday cage is a metal or conductive envelope that completely surrounds the electronic device and stops signals from going into or out of the cage. Two or more wraps of aluminum foil with the edges wrapped over will work. This can also be accomplished by making a pouch out of a metallized ie conductive fabric. Search youtube for Detracktor for a demonstration.

  2. And phone makers spy on users and carriers spy ….. (thank you Google for the new Nexus,, carrier spyware is just another way you sold us out)
    Today’s news about Taiwan’s communications regulator saying that all the 12 popular phones they looked at failed to pass is hilarious.
    In the end the entire industry is working against the users. From Google that will always want more or Qualcomm that depends too much on carriers and their roadmap is designed to help carriers out, to abusive govs. There is no good guy left, just a coalition of evil lol.
    Even folks like ARM were oddly silent on the spying matter, makes you wonder about some of their products, like TrustZone.

  3. “If this is the case, it may be yet another example of the foolhardy breaking of widely-used security mechanisms in ways that other spies and criminals can potentially also exploit.”

    Pardon my cynicism, but it’s not foolhardy if increased criminal activity can then be used to justify new or expanded defence and cyber-security programs and thereby funnel more money their way.