Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Handhelds Security Hardware

Cracking GSM 359

RobertM writes "Professor Eli Biham, one of the worlds most famous crypto analysts, together with two of his students presented an interesting paper on flaws in GSM at the IACR Crypto conference. The GSM association is not happy. Read more on theReg." There's also a Reuters article about the situation.
This discussion has been archived. No new comments can be posted.

Cracking GSM

Comments Filter:
  • Risky? (Score:3, Interesting)

    by Zone-MR ( 631588 ) <slashdotNO@SPAMzone-mr.net> on Thursday September 04, 2003 @08:22AM (#6867994) Homepage
    I wonder how long it will be till they attempt to use the DMCA to silence him - this is after all a typical scenario for the DMCA to be exploited in order to gag scientists and cryptology experts.

    Sadly, I wouldn't at all be surprised to see this end up on chillingeffects in the near future.
    • Re:Risky? (Score:2, Insightful)

      by Anonymous Coward
      the guy is in Isreal, and this is not DMCA at all. He didnt break any sort of copy-protection scheme. He broke the algorithm itself without needing the keys.

      it would be extremely difficult if not impossible to say that GSM is a copy protection device.
    • Re:Risky? (Score:5, Informative)

      by epsalon ( 518482 ) * <slash@alon.wox.org> on Thursday September 04, 2003 @08:36AM (#6868117) Homepage Journal
      Nathan, Elad, and Eli Biham are not US citizens as far as I know...
      • Re:Risky? (Score:5, Informative)

        by Zachary Kessin ( 1372 ) <zkessin@gmail.com> on Thursday September 04, 2003 @08:50AM (#6868247) Homepage Journal
        They are all infact at the Technion, Israel's high Tech-engineering school in Haifa. The DMCA is a US law, which applies to people in the USA. It has absolutly no effect on people outside the USA.

        Now in theory if they travel to the USA they could have a problem, and many Israelis do travel to the USA for one reason or another, but I don't think the US goverment will arrest an Israeli professor for publishing a paper.

        • Like they didn't arrest a russian programmer? Granted, he was distributing working software. But still, the US lets Israel get away with many, many things they wouldn't let other countries.

          The only other reason I can see for him not being arrested is the fact that GSM is not a US owned technology. That and the fact that operators couldn't care less, it is not like they hold copyright over your conversations...

          • Because they would get creamed on the first amedment issues. If you take a first rank Professor at a well known university presenting an academic paper at a respected confrence. Thats about as protected as speach can get. And a univeristy like Technion can hire good laywers.

            A guy that they can protray as a two bit hacker (right or wrong) can be painted in a very different light. But the first amendment types would have a field day if they arrested him. Of course he may decide just not to go the the USA an
    • Re:Risky? (Score:2, Insightful)

      by Anonymous Coward
      What the other posters missed by flaming you because the gentleman is not from the US is that (a) neither was Mr. Skylarov; and (b) this Crypto conference, like the conference at which Mr. Skylarov presented, was held in the United States. So Zone-MR, you make a good point ... unlike the flamers.
    • Re:Risky? (Score:3, Informative)

      by tomstdenis ( 446163 )
      Um they already presented their work. I was there I should know. In fact their attack is hardly "news" I was chatting with certain people at the conference and they already knew the details of the attack way before the presentation took place.

      Santa Barbara is an awesome btw! I can't wait for CRYPTO'04

      Tom
    • Seeing as this has nothing to do with copyright violation, the DMCA is completely inapplicable. There are no laws against cracking encryption that is unrelated to copyright violation, even in the US.

      You'd have had better luck if you'd suggested the PATRIOT act as a means to silence him, but even that would be very dubious.
    • GSM is a published algorithm, is it not? As such, he wouldn't have to reverse-engineer anything. I don't believe the DMCA covers criticizing something that has an open spec. It's not his fault he's the only one who had the insight.
  • by will_die ( 586523 ) on Thursday September 04, 2003 @08:23AM (#6868003) Homepage
    The US CIA, UK M5 and Israel Mossad are now hiring people with experience with GSM and crypto experience.
  • Excellent! (Score:2, Funny)

    by Anonymous Coward
    I always thought a funny and interesting practical application of cracking GSM, or pretending to be a mobile phone mast through other means would be to ring everyone's mobile up in the area at the same time and have them all talk to each other. That would be excellent!
    • Re:Excellent! (Score:2, Interesting)

      by HTD ( 568757 )
      i see a practical application for this - use the cracked signal when being in a cinema/theater/you_name_it _before_ the movie/show/whatever starts - all lamers that have turned on their ring-tone will turn their phones off before the show starts. Why you ask? Because during advertisements/entry the light is still on, the signal makes all phones ring and then everybody annoyed by the sound can easily spot the lamer(s) and tell them to shut it off, or kick him when it rings again during the show ;)
  • by dphoenix ( 623525 ) on Thursday September 04, 2003 @08:23AM (#6868005)
    I don't see how this is news, I've known about this for months, I heard them talking about it on their GSM pho- uh, nevermind.
    • From the article (emphasis mine):
      ...tap into a conversation while a call is been set up and a phone at the receiver's end...
      I guess somebody [allyourbase.com] set up us the bomb!
    • by billstewart ( 78916 ) on Thursday September 04, 2003 @11:37AM (#6870055) Journal
      There's some nice summary on gsmsecurity.com, but Ian Goldberg did one of the early critical cracks and revealed that 10 of the authentication key bits were set to zeros. GSM has a set of algorithm for the call authentication, and a set of algorithms called A5/1 and A5/2 for the voice encryption. A5/1 was the "stronger" algorithm used in "superior" countries, and A5/2 was the weaker version for "inferior" countries. It turns out that A5/1 is pretty weak, and A5/2 is far weaker, and the fact that Ian could cryptanalyze the system over lunch indicates that it wasn't designed by competent cryptographers.

      The initial work didn't totally blow the system open and make on-the-air cracks easy, but it showed that the system was incompetently designed as well as deliberately weakened further, and was yet another reminder that Closed System Design is even worse in cryptography than in software. Subsequent work by people like Biham and Wagner keeps making it worse, and of course computer equipment keeps getting cheaper and larger, which means that attacks that need "hundreds of GB of disk" cost you $200 at Fry's rather than $200000 at the NSA Spook Equipment Shoppe.

      In the US, GSM is still a security improvement, weak as it is, because the government bullied the digital cell phone system developers into using even weaker and more broken algorithms (back when they could pretend they were worried about Commie Spies rather than trying to facilitate illegal wiretapping.) (And of course analog cell phones didn't have crypto at all.) But even then, many of the cell phone companies don't bother turning on the crypto - Nokia phones give you a nice friendly indication that they tried to use it and got rejected.

  • by Anonymous Coward on Thursday September 04, 2003 @08:24AM (#6868014)
    The International Journal of Digital Evidence [ijde.org]has a current article [ijde.org] about GSM forensics.
  • A patented crack? (Score:5, Insightful)

    by henrygb ( 668225 ) on Thursday September 04, 2003 @08:26AM (#6868033)
    Reuters is saying "the method is being patented and will be used only by law enforcement agencies, he said".

    1. Does DCMA and its cousins allow such methods to be patented?

    2. Will the phreakers care about patents?

    • by morcheeba ( 260908 ) on Thursday September 04, 2003 @08:47AM (#6868224) Journal
      3. Will any government respect the patents, or will they take the opportunity to bolster their own national security?
      • by Kombat ( 93720 ) <kevin@swanweddingphotography.com> on Thursday September 04, 2003 @08:59AM (#6868307)
        Governments don't need to crack the signal. They can already listen in on the unencrypted conversation at the base station, or even central office. Vendors of cell equipment are required by law to provide these back doors to government and law enforcement. If they didn't, then they simply couldn't sell their equipment. I know - I used to work in the cell phone billing division of Nortel.
        • True, hopefully they'll act legally when dealing with domestic carriers, but internationally, it's a totally different story. No Chinese carrier is going to allow the US government to tap in. Heck, even British Telecom probably wouldn't let them... and even if they did, the US government would want to absolutely minimize the chance that the victim could find out about the tap -- and a good step towards that is keeping all information within their own organization (and not in the hands of a private or foreig
        • In the US, that requires a warrant to do. However, if it's possible to crack the signal then the government can eavesdrop on a conversation without a warrant.
          • by HiThere ( 15173 ) *
            The government can't force the phone company to let them eavesdrop without a warrant, but if they just asked, how often would they be allowed? Would there be any records? If not, then there would be no way to tell.

            But I'm sure that the government personnel will always follow the written proceedures, just like everyone else.

      • From what I remember, the design of the GSM A5 cipher was always suspected to be weak. From Applied Cryptography:

        A lot of strange politics surrounds [A5]. Originally it was thought that GSM's cryptography would prohibit export of the phones to some countries. Now some officials are discussing whether A5 might harm export sales, implying that it is so weak as to be an embarrasment. Rumor has it that the various NATO intelligence agencies had a catfight in the mid-1980's over whether GSM encryption shou

    • You gave me an idea. Right now I'm patenting:
      • Using a hammer to crack someone's head
      • Stabbing someone to death

      Now all psychos will have to pay me in order to perform their activities.

    • by G4from128k ( 686170 ) on Thursday September 04, 2003 @08:59AM (#6868317)
      If this cracking method is indeed patented then it must be publicly released for anyone to read and understand. But public release would seem to violate DCMA and stifling the publication would seem to violate the constitutional underpinnings of the patent system (to encourage innovation by both granting monopolies and making inventions publicly accessible for further innovation). Does this make DCMA unconstitutional???
    • Apparent purpose of the patent would be to prevent anybody from developing and selling GSM listening devices commercially unless they can get license from patent holder.

      I mean, that's generally what patents are meant for, to prevent others from exploiting your innovation.

      Of course if somebody doesn't care about patent laws, it doesn't help. However, it'll keep this technology off the shelves of your local electronics shop.

      And I don't think DMCA has anythig to do with patents directly.
  • by dontod ( 571749 )
    that just as the mobile phone companies are desperate to move people on to the next generation of mobile technology, it is revealed that an older technology is flawed.

    Amazing.

    Don
    ----------

    Eatthepuddingeatthepuddingeatthepudding
  • Patent protection? (Score:5, Insightful)

    by nuggz ( 69912 ) on Thursday September 04, 2003 @08:27AM (#6868042) Homepage
    Illegal interception of calls will be prevented by patenting the technology?

    I'm sure that a criminal really cares about patent infringements.

    Laws should not be used to shore up broken technology. This only impedes law abiding citizens, and does nothing to improve the protection against crime.

    This one arguement against gun control, make them illegal and only criminals will have guns.
    Make this illegal and only criminals will listen to your phone call.
    • Make this illegal and only criminals will listen to your phone call.

      I belive the very act of listening to other people's phone calls makes you a criminal... And there are no legitimate uses (unlike guns).

      So wether cracking GSM is illegal or not, "only criminals will listen to your phone calls" anyway.

      Did you try the subtle art of irony and a moderator misunderstood? :-)
      • Acutally that is my point, once you break one law (listening in), would you care if you infringe on someones patent? I doubt it.
      • I belive the very act of listening to other people's phone calls makes you a criminal

        You think that intercepting radio waves broadcast through my house and body is a criminal act? That seems a bit far fetched.

        Whenever I talk on my cell phone, I realize that a multitude of people can be listening from people in the room to people in the cell area with radio scanners. If it's something sensitive, I'll use a landline or a secure channel. When I'm on my computer, I realize anyone on my collission domain can

        • by Urkki ( 668283 )
          • You think that intercepting radio waves broadcast through my house and body is a criminal act? That seems a bit far fetched.

          Intercepting or receiving radio waves isn't illegal of course. Same as you are not breaking any law if you hear when your neighbours shout to each others over you property (hell, if they bother you with it, you can probably get them for disturbing your peace). Even descrambling probably isn't illegal, unless there's a specific law against that. But listening to certainly is. Tha


    • Your analogy w/ guns is not so bad; just declaring this tech illegal will work similarly to banning handguns (e.g. in Britain). That is to say,not perfectly, but still extremely well.
      Patent infringement will prevent any legitimate company from producing a device to listen in on GSM, so while some might be able to build it themselves, for the most part the people who would listen in won't be able to or won't bother.

      Similarly, there are places where handguns are illegal (such as England). Some people sa
    • Laws should not be used to shore up broken technology. This only impedes law abiding citizens, and does nothing to improve the protection against crime.

      Brilliant example of a popular (but fundamental) misconception. Law never protects from crime, law defines what constitutes a crime. If there would be no laws, there would be no crimes. Every law only imepedes the people abiding it.

      This one arguement against gun control, make them illegal and only criminals will have guns.

      I hopefully have demonstrated

  • by epsalon ( 518482 ) * <slash@alon.wox.org> on Thursday September 04, 2003 @08:30AM (#6868067) Homepage Journal
    Elad, Nathan, Eli Biham and Orr Dunkelman (which was not listed for some reason) are friends of mine at the Technion Israeli Institute of Technology. Their previous attack on A5/1 required a few hundred GB of HD space and dedicated telephony equipment to pull. A5/2 is a peace of cake in comparison. This new attack makes it ciphertext only. That means that you don't have to initiate a short call (for example) to the evesdropee or knowing some part of the call (like with voicemail) before breaking the encryption. It uses the signal correction mechanism to initialize itself.

    In general, this is no big news, because this equipment is hard to aquire and the benefits are not that great. In comparison, CDMA and TDMA don't (effectively) encrypt calls at all.
  • Figures (Score:2, Insightful)

    Last time I told a software manufacturer about security flaws they were like, oh we don't care - our users are too dumb to work it out. Uh huh, but what about the competition? I'm sure their opinion would change had I released an exploit for it.

    Similarly, the GSM Association probably knew about it, it's probably a designed-in backdoor to allow governmental evesdropping, but now it's public knowledge they're unhappy. Notice they say "very difficult" to exploit - not impossible. They know what's up, and they

    • The encryption is only between the handset and the base station. The goverment can easily evesdrop at the cellular provider (after issuing a warrant).
  • GSM ... and CDMA? (Score:3, Insightful)

    by bigjocker ( 113512 ) * on Thursday September 04, 2003 @08:32AM (#6868086) Homepage
    I have been looking for a good source on the security of CDMA (2000 - 1X, but also CDMA). I have found the basic stuff using google, but is difficult to find real info given that almost all the google results are for press releases or biz-talk from the technology providers (qualcomm, ericsson, motorola, etc) and all of them state "great security".

    The question is can somebody deploy a off-the-shelf (or homebuilt) scanner and grab the conversations on-the-air? I know that a PR (pseudo random) number is used with the ESN and A-key to generate some keys for encrypting some of the communications, and that the voice channel is "scrambled", but is there a source where the security implications of this is discussed?

    Also interesting is that this article appeared (or was going to) on yesterday's slashdot edition but after being available for subscribers for a while it dissapeared.
    • Re:GSM ... and CDMA? (Score:5, Informative)

      by Andy Dodd ( 701 ) <atd7@c[ ]ell.edu ['orn' in gap]> on Thursday September 04, 2003 @08:56AM (#6868286) Homepage
      "The question is can somebody deploy a off-the-shelf (or homebuilt) scanner and grab the conversations on-the-air? I know that a PR (pseudo random) number is used with the ESN and A-key to generate some keys for encrypting some of the communications, and that the voice channel is "scrambled", but is there a source where the security implications of this is discussed?"

      In theory, anything is possible.

      Off-the-shelf scanner - Definately not. Unless you're talking about high-end five-figure and even six-figure sums. A Rohde and Schwartz FSIQ would probably be 90% of the hardware needed to crack a CDMA signal, but FSIQs run $75k used ($120k or so new). An Agilent E4406A VSA starts at $32000 and cdmaOne and CDMA2000 options are extra $$$. And these might not even be sufficient for realtime monitoring and demodulation. It would be possible to build custom equipment for much less, but only a M.S. or Ph. D. in EE would be able to design a system to do adequate realtime demodulation of CDMA.

      Non-realtime (capture the signals and post-process them) - Much easier. The hardware is $1000-2000 off-the-shelf (see GNU Radio), and the software is $99 if you're a student (Matlab), although you'll still need thorough knowledge of CDMA and some communications systems background to write the demodulation algorithms.

      I don't know about the datastream-level encryption, but CDMA is much tougher to demodulate than the TDMA scheme used by GSM. (Given a captured baseband signal, I could probably tweak my old ECE 467 projects to demodulate GSM down to its datastreamin not too long, while CDMA would be a LOT harder.
      • You're not thinking like a hacker would on this.

        Think about it -- all the hardware you need to demodulate and decode a CDMA signal in realtime is present in a CDMA phone, so it's only a matter of understanding/controlling the hardware and figuring out how to capture the right spreading code and any other keys in use.

        Given that, the hardware is probably close to free once you've figured out how to control a phone or download new software to it.
      • CDMA is indeed tougher to demodulate than GSM, the reason being that each GSM signal uses the same carrier (basically it encodes bits by modulating phase; the technical term is Gaussian Minimum Shift Keying, or GMSK). CDMA, on the other hand, has each user use a different "spreading code" in an attempt to make signals from different users orthogonal. The purpose of the spreading code is to take your nice orderly stream of bits, and turn it into a random-looking sequence. At the other end, the receiver kn

  • by Alien Being ( 18488 ) on Thursday September 04, 2003 @08:35AM (#6868109)
    "they can hear you now."

    "they can hear you now."
  • 3G phones safe (Score:3, Informative)

    by e4liberty ( 537089 ) on Thursday September 04, 2003 @08:36AM (#6868113)

    From theReg...

    Both parties agree that the issue does not affect 3G phones, which use different protocols and security mechanisms than legacy GSM handsets.

    • ...they have about a 20 minute battery life and the chances of having anyone else with a 3g phone to call in that time are minimal?

      Oh, and 3G calls to GSM mobiles are presumably still open...

  • Old hat! (Score:4, Interesting)

    by Noryungi ( 70322 ) on Thursday September 04, 2003 @08:36AM (#6868116) Homepage Journal
    Hmmm. If I remember well, other Israeli crypto researchers, including Pr Shamir (of RSA fame, Rivest - Shamir - Adelman) mentioned a couple of years ago that GSM crypto could, theoretically, be cracked almost in real time by a (relatively) low-powered machine.

    GSM specialists have known for a number of years now that GSM crypto was not that good. Interestingly enough, GSM crypto was designed by French 'military specialists', which has raised the usual (probably justified) suspicions of backdoors.

    Sorry for not being able to produce more info, but I am sure other Slashdotters will have interesting links to supply...
  • by IRandom ( 219465 ) on Thursday September 04, 2003 @08:37AM (#6868125)
    The novelety of this attack is that it is instantanous. The cryptanalysis is done one when the call is being established (when the phone just rings) even before any any real conversation is being done.
    The exact details are still secret but the attack exploits a misuse of Error Correcting Codes (ECC - are used in communication protocols to correct random noise errors).
    It seems that instead of encrypting the conversation and then employing ECC, the GSM does it the other way thus leaking enough data for the cryptanalysis to be performed
    • "...instead of encrypting the conversation and then employing ECC, the GSM does it the other way...."

      Well, that answers my question about whether the standard writers had their design reviewed by someone who understands cryptography. *sigh*
  • by Lumpish Scholar ( 17107 ) on Thursday September 04, 2003 @08:40AM (#6868145) Homepage Journal
    The GSM Association ... confirmed the security hole but said it would be expensive and complicated to exploit....
    In unrelated news, the National Security Agency requested an emergency budget increase of $13.5B. When ask for justification, the head of the NSA was heard to say, "Warrants? We don't need no stinkin' warrents...."
  • by sigxcpu ( 456479 ) on Thursday September 04, 2003 @08:40AM (#6868148)
    It has long been suspected that GSM encryption was specificaly designed with some 'weak spot' to allow law-enforcemant monitoring.
    Does anyone know if the article is available online?
    I'd like to know if this flaw looks more like a mistake or somthing more intentional.
    None of the meadia people who spoke about it seem to understand that "Instant Ciphertext-Only Cryptanalysis" means you are effectivly not protected at all.
    • Law enforcement taps take place within the telco infrastructure: i.e. after the conversation has been received & decrypted by the base station.

      According to Ross Anderson, most inter-base station communications is done via microwaves, (because the landline infrastructure is generally owned by a competitor), and IIRC most of the microwave transmissions are in the clear.

      Transport-level privacy between handset and base station was provided by two ciphers of different strengths: A5/1 for Europe & the

      • Law enforcement taps take place within the telco infrastructure: i.e. after the conversation has been received & decrypted by the base station.

        That is good if all you need is evidance. But if you need tactical intel during an operation, live realtime intel is pricless.

  • by winkydink ( 650484 ) * <sv.dude@gmail.com> on Thursday September 04, 2003 @08:41AM (#6868165) Homepage Journal
    At least they point out that the equipment required costs about $250k.
  • Good for 3G. (Score:2, Informative)

    by a_n_d_e_r_s ( 136412 )
    The sales of 3G are dissapointing. But now the tele-coms who have bough expensive 3G contracts all sigh in relief.


    Finally one reason for people to upgrade to 3G.

  • by epsalon ( 518482 ) * <slash@alon.wox.org> on Thursday September 04, 2003 @08:42AM (#6868168) Homepage Journal
    Prof. Eli Biham [technion.ac.il] and Elad Barkan [technion.ac.il]. Both good friends of mine.
  • by valentyn ( 248783 ) on Thursday September 04, 2003 @08:42AM (#6868169) Homepage
    From http://israelemb.org/sanfran/News&Media/full/03/se p/02#c

    "Elad found that the GSM network does not work in proper order: First, it inflates the information passing through it in order to correct for interference and noise and only then encrypts it," Biham told The Jerusalem Post. "At first, I didn't believe it. We checked it, and it was true."

    That probably means higher predictability for the encrypted data.
  • by Anonymous Coward on Thursday September 04, 2003 @08:45AM (#6868199)
    REMOB anyone?

    REMOB (Remote observation mode) is a TSPS console feature of the american telephone system to allow inward ops to monitor a suspected phone that might be "off the hook" prior to interrupting the line for "life or dire emergency" with the 500Hz tone and issuance of the frequently heard phrase "This is the att operator do you wish to disconnect this call you have an emergecy phone call from ...."

    but PRIOR to that for 30 second maximum bursts you get to hear an inverterted sound wave... which you can record.

    better... the fbi has is setup to cascade overlapping series of REMOB snippets so when one ends (on any CLASS capable ESS r5) another takes over.

    This way no interrupt chirp is heard by the victims, and lots of trivially "scrambled' speech can be secretly recorded.

    i have never ever ever seen this in print or any edoc in history of phreaking.

    I have seen telephon reps state to congree that REMOB did not exist.

    it exists.

    it does not take outside intercepts (ECHELON) as reported on 60 Minutes, or any NRO or NSA budgets,

    it only takes a 6 digit code and the correct connections to do REMOB.

    REMOB makes intercepting cell phones laughable in comparison.

    besides... the German Gov records ALL cell phones under that alleged statement that in theory it COULD intercept the airwaves anyways if they tried. Remeber the slashdot article?

    also the us gov allows no-warrant affixing of GPS locater emmitter bugs under your car frame under the assumption that it could visually track you from their air if they had the money anyways. Remember the Scott peterson case this summer? No initial warrant to put the gps bug on his car.

    recording and intercepting ALL cell phone traffic at the point of origin on the LAND LINES is what the fed gov assumes is their right!

    no need to mess with intercepts.

    July 1983 the us supreme court ruled the public had a right to intercept and use all radio trasmissions INCLUDING call phones. Then they pverturned it partly years later.

    today it is LEGAL for the cops to buy and sell equipment to record cell phones, but not the public across state borders. you have to build it from scratch yourself for your own hobbyist needs... and then its legal to use.

    but REMOB is far far more humorous.

    I know it exists.... first hand
  • Wishful thinking (Score:2, Informative)

    From the Reg article:

    Both parties agree that the issue does not affect 3G phones, which use different protocols and security mechanisms than legacy GSM handsets.

    I don't have the sales figures to hand, but I don't think GSM can really be called a "legacy" technology yet. IIRC Britain only has one provider 3G service provider, which has had a fraction of the expected number of subscribers.

    • Why dont you look up the word legacy before posting something so dopey? Legacy doesnt mean obsolete, just that the newer technology came out of the older technology.

      The G4 is a legacy Mac. My 2.53ghz Northwood P4 is a legacy CPU, with a legacy 533mhz fsb.
  • "The Association said an upgrade to the A5/2 encryption algorithm, available since July 2002, addresses the security weaknesses highlighted by the Israelis."

    Okay...The networks can issue new SIMs and update their switches. If they're soft switches [motorola.com], then it should be all the easier of an upgrade. Those of you who have GSM network operators (like Orange [orange.co.uk], BT [bt.com], FT [francetelecom.com], T-Mobile [tmobile.com]), petition them to take this fix seriously. You pay for a service that they advertise as being secure. However, if you were worried abo

  • by FuzzyBad-Mofo ( 184327 ) <fuzzybad AT gmail DOT com> on Thursday September 04, 2003 @08:48AM (#6868226)

    In the bad old days of analog mobile phones, there wasn't even encryption on the signal. You could literally walk into Radio Shack and walk out carrying a scanner capable of receiving mobile phone frequencies. (They eventually banned the sale of scanners capable of receiving those frequencies.) Later, TDMA and CDMA technologies made it more difficult to intercept signals, but all that's required is the right decoder.

    Encryption of the call is a fairly recent trend and I think it's a terrific idea, but any encryption can be broken in time. While the odds are low that someone may be listing in, guaranteed privacy is impossible.

    I think as a whole, we tend to trust in technology without really understanding it. I'm reminded of two engineering students who were visiting my apartment in college, and showing off their new cell phones by one calling the other. They were quite surprised when I was able to intercept their call with a cheap radio scanner. They had no idea their call was not private, simply assuming that the technology was secure. It wasn't.

  • by twoslice ( 457793 ) on Thursday September 04, 2003 @08:49AM (#6868231)
    18:00-20:30

    Beach Barbecue
    Bar 18:00-20:30
    Buffet 18:15-20:30
    Dessert/Coffee 19:00-20:30

    I wasn't there but I just know that everyone showed for the beach barbecue with the open bar and grub all night long.
  • Uh what? (Score:2, Interesting)

    by bigjnsa500 ( 575392 )
    So if professor publishes this, its all fine and dandy, but when a citizen publishes an eBook hack he's arrested? What gives?
  • A Wise Man... (Score:4, Interesting)

    by Esion Modnar ( 632431 ) on Thursday September 04, 2003 @08:59AM (#6868308)
    ...once said to me that he would much rather have criticism than praise, since praise did nothing for him, and made him feel awkward and embarassed.

    Criticism, however, allowed him to improve himself.

  • The article states... The GSM Association admits the Israeli researchers are onto something but say the attack requires the use of complex technology, which few phone phreakers have access to, and would need to be targeted at a specific caller.

    I see ... in other words. They only people you have to fear is your government and large companies.

    Is anyone else bothered by the fact that governments all across this planet of ours seem to think that the only kind of secrecy that is a good thing is goverment s

    • The GSM association is not happy.
    They should be happy. It's an opportunity to them to refine their techniques and improve users protection.

    IMO people should understand that errors found are opportunities to improve quality. Not a way to point incapacity.

  • in many countries, GSM operators are required to turn encryption off.
  • The report says you need to play man in the middle, the paper title claims cyper text only. Does anyone with the relevent background know which it is?
  • The GSM Association, a trade group for suppliers and mobile network operators, is downplaying the problem. It admits a potential vulnerability exists but argues that this would be very difficult to exploit in practice.

    Does anyone know if its possible to make a device that exploits such a vulnerability?

    I don't buy into the very difficult to exploit crap. As far as I can tell from this information (but IANAHE - im not a hardware engineer) it would be possible to design hardware that can systematically exp

FORTRAN is not a flower but a weed -- it is hardy, occasionally blooms, and grows in every computer. -- A.J. Perlis

Working...