CryptoPhone source and CryptoPhone for Windows released

2003-12-14 Thread Barry Wels
We published today the full source code of our CryptoPhone products at Also available for download is now the
first public Beta version of the free GSMK CryptoPhone for Windows

The free GSMK CryptoPhone for Windows is currently in public Betatest.
Please note that some bugs may still be in there as we concentrated our
efforts primarily on the testing and debugging of our commercial
product GSMK CryptoPhone 100.

With regards,

Barry Wels

The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

Re: Code breakers crack GSM cellphone encryption/GNU Radio

2003-09-11 Thread Barry Wels
Actually, patenting the method isn't nearly as silly as it sounds.
Produced in quantity, a device to break GSM using this attack is not going 
to cost much more than a cellphone (without subsidies). Patenting the 
attack prevents the production of the radio shack (tm) gsm scanner, so 
that it at least requires serious attackers, not idle retirees or jealous 

 Not if they can type GNURadio into Google.

Eric Blossom of GNU Radio visited Europe one month ago.
Some radio enthusiasts in the Netherlands where interested in the
GNU radio project. So I asked Eric if it was ok to make a video for them.

The resulting two video clips are online (in MPG / VCD quality).

GNU-radio_intro.mpg and
GNU-radio _Q_and_A.mpg

A zip containing these two video files can be found on : (108 Mb)

Enjoy, and feel free to mirror / distribute them ...

With regards,

Barry Wels.

The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]

GSM : listen in to a call while it is still at the ringing stage ...

2003-09-04 Thread Barry Wels

GSM Association downplays mobile security concerns

von John Walko
September 3, 2003 (4:13 p.m. GMT)
LONDON - The GSM Association is playing down concerns raised by a team
of Israeli scientists about the security of GSM mobile calls. The
researchers, from the Technion Institute of Technology in Haifa,
revealed they had discovered a basic flaw in the encryption system of
the GSM (Global System for Mobile)specification, allowing them to
crack its encoding system.

The GSM Association, which represents vendors who sell the world's
largest mobile system, confirmed the security hole but said it would
be expensive and complicated to exploit.
Eli Biham, a professor at the Technion Institute, said he was shocked
when doctoral student Elad Barkan told him he had found a fundamental
error in the GSM code, according to a Reuters report on Wednesday
(Sept. 3). The results of the research were presented at a recent
international conference on cryptology.

We can listen in to a call while it is still at the ringing stage,
and within a fraction of a second know everything about the user,
Biham told the news agency. Then we can listen in to the call.

Using a special device it's possible to steal calls and impersonate
callers in the middle of a call as it's happening, he added. GSM code
writers made a mistake in giving high priority to call quality,
correcting for noise and interference and only then encrypting, Biham

The GSM Association said the security holes in the GSM system can be
traced to its development in the late 1980s when computing power was
still limited. It said the particular gap could only be exploited with
complex and expensive technology and that it would take a long time to
target individual callers.

This [technique] goes further than previous academic papers, [but] it
is nothing new or surprising to the GSM community. The GSM Association
believes that the practical implications of the paper are limited,
the group said in a statement.

The association said an upgrade had been made available in July 2002
to patch the vulnerability in the A5/2 encryption algorithm.

It said any attack would require the attacker to transmit distinctive
data over the air to masquerade as a GSM base station. An attacker
would also have to physically stand between the caller and the base
station to intercept the call.

The researchers claimed they also managed to overcome the new
encryption system put in place as a response to previous attacks.

The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]