Virus.Org IT Security News and Information Portal. We offer the latest IT security news, updates, product reviews, books, and articles for all you IT security professionals out there. Enter and get the best IT security information on the Internet.

 
. Welcome to the Virus.Org Mailing List Archive  
.
.


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]


Silicon.fr reporting GSM crypto broken
.

  • Subject: Silicon.fr reporting GSM crypto broken
  • From: [EMAIL PROTECTED] (Owen Blacker)
  • Date: Thu, 4 Sep 2003 10:42:57 +0100
.
 
http://www.silicon.fr/getarticle.asp?ID=2247 (in French; reg prolly
rqd)

Partial (and hurried) translation follows:

<translate>
| Mobiles: researchers break the GSM code
| The vulnerability allows interception and listing to calls
| 
| We talk a lot about vulnerabilities and viruses that attack our
| systems.  But we talk much less about mobile phones which themselves
| contain embedded software and are, thus, vulnerable to attacks. 
| Israeli researchers have recently demonstrated that this
| vulnerability is also important.  
| 
| A group of researchers have, in effect, broken the encryption code
| that protects GSM mobile phone conversations, according to the Hebrew
| daily [sic] Ha'aretz [http://www.haaretz.com/, though I can't find
| anything there].  
| 
| [...]
| 
| Eli Biham, professor at the Technion[?] Institute in Haifa, says that
| he was dumbfounded when one of his doctorate students, Elad Barkan,
| announced that he'd found a fundamental error in the encryption
| protocol used by GSM.  "I told him it was impossible", Biham told
| Reuters, "an error that common must already have been fixed by
| someone.  However, he was right, the flaw really was there." [I'm
| retranslating his words, so they won't be verbatim]  
| 
| [...] "We can listen to the conversation."
| 
| According to him, the editors of the GSM software made the error of
| prioritising sound quality -- that's to say the error correction and
| handling interference -- over encryption.  
| 
| In any case, we don't need to panic.  According to the GSM
| Association, the vulnerability discovered in Haifa could not be
| exploited without expensive and complex technologies and would only
| allow precise user-identification after long research.  
| 
| Furthermore, such an attack could only succeed if the pirate sent out
| signals in a manner to pass off his equipment as the GSM relay by
| which the communications should travel.  The attacker would, equally,
| have to locate himself physically between the relay and the victim in
| order to intercept the call.  
| 
| The scientists have sent a copy of their work to the GSM Association,
| to help them correct the problem.  Equally, they have kept the
| details of their discovery very brief, so that any use will be kept
| for white hats, they confirmed. 
</translate>

The story's credited to "Max Verbatim" (no, really).  The translation's
mine.  Further distribution is fine, so long as my credit remains  ;o)

-- 
Owen Blacker
Senior Software Developer and InfoSecurity Consultant   Wheel: Group
See http://www.owens-place.org.uk/pgp.html -- more about my PGP keys
Sig  0xa7cb7592 | 9c1c 2996 075b 2daa 3660  6d2f ee34 fc94 a7cb 7592
-- 
Opinions might not even be mine.  Other people can go get their own!

_____________________________________________________________________
This e-mail has been scanned for viruses by MessageLabs.
 
.
.
 
Copyright (c) Virus.Org 1997-2006.
All Trademarks Acknowledged.
Please view our Terms and Conditions and our Privacy Policy.