News GSM phone encryption "can be cracked"

Discussion in 'Article Discussion' started by GreatOldOne, 4 Sep 2003.

  1. GreatOldOne

    GreatOldOne Wannabe Martian

    Joined:
    29 Jan 2002
    Posts:
    12,092
    Likes Received:
    112
    From New Scientist:

    The encryption system that protects the almost 900 million users of GSM cell phones from instant eavesdropping or fraud is no longer impregnable, cryptologists claim.

    Researchers at the Technion-Israel Institute of Technology in Haifa say they have found a way to defeat the security system, exploiting a flaw in the way the encryption is applied.

    With GSM, the voice is encoded digitally. But, before this data is encrypted, it is corrected to help compensate for any interference or noise, says Eli Biham, who led the Technion team. This gives an opportunity for a "man in the middle" attack, in which the call is intercepted between the handset and the network base station.

    Full story here

    Flaw? Or diliberate backdoor in the GSM spec to allow the "Powers That Be" to eavesdrop?

    [ConspiracyNut]
    You were right! They are listening in on us.... :worried:
    [/ConspiracyNut]
     
    GreatOldOne, 4 Sep 2003
    #1
  2. Alaric

    Alaric code assassin

    Joined:
    3 Nov 2001
    Posts:
    2,881
    Likes Received:
    0
    Well they are, but it's more of a flaw in the GSM protocol.
    The GSM ecryption was already looking suspect before, with attacks feasible using just a pc. The complexity of previous attacks was considerably less than say DES. However from what i can get from the news articles (as i haven't read the paper yet) this attack doesn't require the recording of the beginning of the call and is reliant on the known person in the middle attack on the GSM system. This is of significance, as previously police have been able to be sold equipment that locates mobile phones in the area, it now seems even easier to get the content of the call.

    It is worth noting that previously/currently traffic from the base stations to the VLR/HLR was on unencrypted microwave links. Which means anyone with significant skill (read government agencies/foreign embassies etc) could eavesdrop easily.

    Basically your calls are not safe from a lot of computerscience/elec eng departments of unis if they so wish to eavesdrop... as for GCHQ... they'll have had full access for years.

    GSM is by no means a secure protocol, and the A5 cipher isn't very strong. 3G should fix some of these issues, but will have better built in monitoring for the likes of GCHQ

    nothing new here, move along

    Alaric.
     
    Alaric, 4 Sep 2003
    #2
Tags: Add Tags

Share This Page