[14081] in cryptography@c2.net mail archive
GSM Association downplays mobile security concerns
daemon@ATHENA.MIT.EDU (R. A. Hettinga)
Mon Sep  8 13:20:51 2003
X-Original-To: cryptography@metzdowd.com
Date: Mon, 8 Sep 2003 08:17:05 -0400
To: Clippable <rahettinga@earthlink.net>
From: "R. A. Hettinga" <rah@shipwright.com>
Cc: cryptography@metzdowd.com
<http://www.commsdesign.com/printableArticle?doc_id=OEG20030903S0013>
GSM Association downplays mobile security concerns
By John Walko,  CommsDesign.com
Sep 3, 2003 (5:41 AM)
URL: http://www.commsdesign.com/story/OEG20030903S0013
LONDON - The GSM Association is playing down concerns raised by a team of
Israeli scientists about the security of GSM mobile calls.
The researchers, from the Technion Institute of Technology in Haifa,
revealed they had discovered a basic flaw in the encryption system of the
GSM (Global System for Mobile) specification, allowing them to crack its
encoding system.
The GSM Association, which represents vendors who sell the world's largest
mobile system, confirmed the security hole but said it would be expensive
and complicated to exploit.
Eli Biham, a professor at the Technion Institute, said he was shocked when
doctoral student Elad Barkan told him he had found a fundamental error in
the GSM code, according to a Reuters report on Wednesday (Sept. 3). The
results of the research were presented at a recent international conference
on cryptology.
"We can listen in to a call while it is still at the ringing stage, and
within a fraction of a second know everything about the user," Biham told
the news agency. "Then we can listen in to the call."
"Using a special device it's possible to steal calls and impersonate
callers in the middle of a call as it's happening," he added. GSM code
writers made a mistake in giving high priority to call quality, correcting
for noise and interference and only then encrypting, Biham said.
The GSM Association said the security holes in the GSM system can be traced
to its development in the late 1980s when computing power was still
limited. It said the particular gap could only be exploited with complex
and expensive technology and that it would take a long time to target
individual callers.
"This [technique] goes further than previous academic papers, [but] it is
nothing new or surprising to the GSM community. The GSM Association
believes that the practical implications of the paper are limited," the
group said in a statement.
The association said an upgrade had been made available in July 2002 to
patch the vulnerability in the A5/2 encryption algorithm.
It said any attack would require the attacker to transmit distinctive data
over the air to masquerade as a GSM base station. An attacker would also
have to physically stand between the caller and the base station to
intercept the call.
The researchers claimed they also managed to overcome the new encryption
system put in place as a response to previous attacks.
Copyright © 2003 CMP Media, LLC
-- 
-----------------
R. A. Hettinga <mailto: rah@ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com