In 2009, Karsten Nohl, chief scientist of Security Research Labs in Berlin, published a software tool that computes the 64-bit key used to encrypt conversations on GSM networks, prompting the industry to adopt better safeguards. His company, Security Research Labs, advises German and U.S. multinational companies on mobile security issues.
Now he says to the New York Times:
We can remotely install software on a handset that operates completely independently from your phone.I ask, why nothing has been done over those years after in 2009?
We can spy on you. We know your encryption keys for calls. We can read your SMS’s. More than just spying, we can steal data from the SIM card, your mobile identity, and charge to your account.
Karsten Nohl said (the last, in 2011 to the Register) the attack works because virtually all of the world's cellular networks deploy insecure implementations of GPRS, or general packet radio service. Some, such as those operated by Italy's Wind or Telecom Italia, use no encryption at all, while Germany's T-Mobile, O2 Germany, Vodafone, and E-Plus use crypto that's so weak that it can easily be read by unauthorized parties.