<http://www.commsdesign.com/printableArticle?doc_id=OEG20030903S0013>
GSM Association downplays mobile security concerns

By John Walko, CommsDesign.com
Sep 3, 2003 (5:41 AM)
URL: http://www.commsdesign.com/story/OEG20030903S0013

LONDON - The GSM Association is playing down concerns raised by a team of Israeli scientists about the security of GSM mobile calls.

The researchers, from the Technion Institute of Technology in Haifa, revealed they had discovered a basic flaw in the encryption system of the GSM (Global System for Mobile) specification, allowing them to crack its encoding system.

The GSM Association, which represents vendors who sell the world's largest mobile system, confirmed the security hole but said it would be expensive and complicated to exploit.

Eli Biham, a professor at the Technion Institute, said he was shocked when doctoral student Elad Barkan told him he had found a fundamental error in the GSM code, according to a Reuters report on Wednesday (Sept. 3).

The results of the research were presented at a recent international conference on cryptology.

"We can listen in to a call while it is still at the ringing stage, and within a fraction of a second know everything about the user," Biham told the news agency. "Then we can listen in to the call."

"Using a special device it's possible to steal calls and impersonate callers in the middle of a call as it's happening," he added.

GSM code writers made a mistake in giving high priority to call quality, correcting for noise and interference and only then encrypting, Biham said.

The GSM Association said the security holes in the GSM system can be traced to its development in the late 1980s when computing power was still limited. It said the particular gap could only be exploited with complex and expensive technology and that it would take a long time to target individual callers.

"This [technique] goes further than previous academic papers, [but] it is nothing new or surprising to the GSM community. The GSM Association believes that the practical implications of the paper are limited," the group said in a statement.

The association said an upgrade had been made available in July 2002 to patch the vulnerability in the A5/2 encryption algorithm. It said any attack would require the attacker to transmit distinctive data over the air to masquerade as a GSM base station. An attacker would also have to physically stand between the caller and the base station to intercept the call.

The researchers claimed they also managed to overcome the new encryption system put in place as a response to previous attacks.

Copyright © 2003 CMP Media, LLC

--
-----------------
R. A. Hettinga <mailto: [EMAIL PROTECTED]>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'