
A rogue German academic has cracked the encryption of the Global System for Mobile Communications (GSM), used for seventy percent of all modern mobile phones, and there’s no James Bond to stop him. That’s because Karsten Nohl’s not holding the world hostage – he’s released the decryption for free online to force phone operators to improve security.
This “fix security flaws by finding them yourself” strategy is how many computer security firms progress: a combination of paid experts and interested amateurs continually poking holes so that they can mend them before less well-intentioned workers find them. Unfortunately, phone operators haven’t reached the same level of maturity, persisting in the old “put up with what we say or else” attitude and complaining about Mr. Nohl’s endeavours. They complain that his work would be illegal in their countries (translation: it’s entirely legal where he did it) and that it would help criminal organizations (actually, it helps legitimate organizations understand the risk rather than leaving them helpless when crooks discover it first), and they basically spend most of their announcements on the subject complaining about being made to work instead of saying anything about fixing it.
This could force phone operators to upgrade from the compromised 64-bit encryption to a new 128-bit standard, which was established two years ago but which, strangely, no-one seemed bothered with until now – so Nohl’s efforts could well be successful.





