Hi all, seems that not all mails get thru the list at the momen. I.e. I did not get Karsten's OP.
My position to this is: First they ignore you, then they laugh at you, then they fight you, then you win. At present the public is waking up and the stage of their fight is starting. I suggest to carry on and to disclose every research result that is reached. And if they really start fighting let's see if there is a way to talk to them. That might end up in a lawsiute against them as they claim Karsten did something illegal but it doesn#t have to end up like this. Obviously there is a bit more freedom and justice remaining in Germany than in the states and I do not want to go to the US anyway during this lifetime. Would be a pitty if I could not go to some workshops in UK anymore but for me it is important to protect the public against the risk that A5/1 exposes to them. Thus I can take some of the grey stuff on my shoulders if you like. We should start to talk to the banks for example. ANZ Bank (Australia,NZ,... ) is very proud of their mobile banking system that enables customers to do instant money transfer via cell phone If it is possible to intercept this kind of transactions on a private GSM-network (that does not belong to one of the big players) the banks will get interrested in putting force to the public networks because the damage that will be caused by criminals ( and they will do this) will be enormous. Cheers Eckhard > Hi Karsten: > > I will like to give you more info. > > Preliminary info: It is totally legal to listen, decrypt or decode your own > mobile phone worldwide. I have an international radio license from United > Nations, and read all legal stuff about this with lawyers. > What could be illegal, is to distribute or use against another party. > > The problem is that cell operations do not want to invest in upgrading the > technology, now OBSOLETE. As you know, GSM Rainbow Tables are available > worldwide since 1998. Many Spy Shops are NOW selling the equipment for u$s > 500.000.-! (i could post all sellers) > > It could decode and listen to a conversation in 2-3 seconds MAXIMUM. The main > problem for them is the active channels to monitor 4-8-12-16. More control > channels, more hardware, more expensive. > > Academic research is totally legal. Radio first code was MORSE. So, GSM is > similar. The problem is that commercial people do not want to upgrade their > technology ($$$). And prefer to persuade people investigation. > > Nowadays, WPA-Wireless is also easily intercepted, 3G or KASUMI could be > decoded also, AES256 U.S. official govermement algorythm could be attack > easily since Asiacrypt2009, etc. NSA or any agency are implementing their > own private distributed networks (check accessdata.com) > > What I suggest is to use private and stronger crypto systems. Solution: > PRIVATE Networks. (Like TETRAPOL) > > Javier > > > >> From: [email protected] >> To: [email protected] >> Date: Wed, 30 Dec 2009 12:07:50 +0100 >> Subject: [A51] No demonstration at 26C3 today >> >> Dear list, >> >> Congratulations to the discussion we started on the security of A5/1. >> This was the primary goal and we did it in very challenging time >> frame. Thanks to everyone! >> >> The demonstration planed for today is canceled. Let me explain the >> reasons and perhaps start a discussion on how the project should >> progress from here: >> >> A. The GSMA and some of its members make strong claims that what we >> do is illegal. We do not believe that is the case and that this >> research has not once crossed the line into illegality. However, not >> being lawyers ourselves and knowing how complex wire-tapping laws are, >> we want to reconfirm with our counsel that using the rainbow tables >> for academic purposes is legal. >> >> B. Starting the discussion on how much security GSM deserves was one >> of our main goals. We did it. The next steps must not contradict this >> positive message we want to get across. I'll put this as a question to >> the list: Do we risk killing a positive dialogue with operators and >> suppliers by providing attack tools too fast? I understand that we are >> 15 years into hacking GSM, but it did hit some industry players as >> news this week. Would it be fair to give them a few extra weeks to >> digest what should have been known years ago? >> >> Please let me know what you all think ... >> >> Cheers, >> >> -Karsten >> _______________________________________________ >> A51 mailing list >> [email protected] >> http://lists.lists.reflextor.com/cgi-bin/mailman/listinfo/a51 >> > > _________________________________________________________________ > Windows Live Messenger GRATIS: lo que faltaba en tu BlackBerry > http://www.messengerentublackberry.com?ocid=WL_BB_LandPage_TagLine > > ------------------------------------------------------------------------ > > _______________________________________________ > A51 mailing list > [email protected] > http://lists.lists.reflextor.com/cgi-bin/mailman/listinfo/a51 > _______________________________________________ A51 mailing list [email protected] http://lists.lists.reflextor.com/cgi-bin/mailman/listinfo/a51
