http://www.eetimes.de/at/news/OEG20030903S0018
GSM Association downplays mobile security concerns

By John Walko
September 3, 2003 (4:13 p.m. GMT)

LONDON - The GSM Association is playing down concerns raised by a team of Israeli scientists about the security of GSM mobile calls.

The researchers, from the Technion Institute of Technology in Haifa, revealed they had discovered a basic flaw in the encryption system of the GSM (Global System for Mobile) specification, allowing them to crack its encoding system.

The GSM Association, which represents vendors who sell the world's largest mobile system, confirmed the security hole but said it would be expensive and complicated to exploit.

Eli Biham, a professor at the Technion Institute, said he was shocked when doctoral student Elad Barkan told him he had found a fundamental error in the GSM code, according to a Reuters report on Wednesday (Sept. 3). The results of the research were presented at a recent international conference on cryptology.

"We can listen in to a call while it is still at the ringing stage, and within a fraction of a second know everything about the user," Biham told the news agency. "Then we can listen in to the call."

"Using a special device it's possible to steal calls and impersonate callers in the middle of a call as it's happening," he added.

GSM code writers made a mistake in giving high priority to call quality, correcting for noise and interference and only then encrypting, Biham said.

The GSM Association said the security holes in the GSM system can be traced to its development in the late 1980s when computing power was still limited. It said the particular gap could only be exploited with complex and expensive technology and that it would take a long time to target individual callers.

"This [technique] goes further than previous academic papers, [but] it is nothing new or surprising to the GSM community. The GSM Association believes that the practical implications of the paper are limited," the group said in a statement.

The association said an upgrade had been made available in July 2002 to patch the vulnerability in the A5/2 encryption algorithm. It said any attack would require the attacker to transmit distinctive data over the air to masquerade as a GSM base station. An attacker would also have to physically stand between the caller and the base station to intercept the call.

The researchers claimed they also managed to overcome the new encryption system put in place as a response to previous attacks.