Virus.Org IT Security News and Information Portal. We offer the latest IT security news, updates, product reviews, books, and articles for all you IT security professionals out there. Enter and get the best IT security information on the Internet.

 
. Welcome to the Virus.Org Mailing List Archive  
.
.


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]


Silicon.fr reporting GSM crypto broken
.

  • Subject: Silicon.fr reporting GSM crypto broken
  • From: [EMAIL PROTECTED] (Owen Blacker)
  • Date: Thu, 4 Sep 2003 11:44:32 +0100
.
 
Brian Morrison, again quoting me:
> 
> >Though I think their paragraph "The security loophole arises because of
> >a fundamental mistake made by GSM developers in creating a system which
> >corrected for interference of the line prior to encrypting a
> >conversation, he explained." might be down to poor translation
> >somewhere (from Hebrew, maybe?) as my translation feels like it makes
> >more sense to me.  I'm quite willing to be proven wrong, of course.
> 
> Yes, I re-read your translation and the Register one and yours sounds
> better to me too.

Why thank you kind sir  :)

Tbh, their version reads as though it's also been translated from Silicon's
French, as the French wording could quite easily be misinterpreted to mean
"prior to", rather than "in priority over".

Strange...

> However, it seems to me that the threat is not really from off air
> monitoring of GSM calls but rather from our paid public servants (sic)
> who are already able to listen in on production of whatever spurious
> excuse they've thought of....

Indeed, I agree completely.  My thoughts, though, were that a break like
this (if it hits the mass media and people care sufficiently) might cause
GSM to update their whole crypto with something a bit more, well, secure.
Which would be A Good Thing(tm).

Not knowing all that much about phones, would it be possible for companies
to do that with an over-the-air firmware update or would it need a hardware
upgrade.  I'd guess the latter (just cos crypto in a phone feels like it
ought be embedded on the chip in ROM), but I wouldn't honestly know.  Would
any of the more telephony-minded listers care to exposit?


O x
-- 
Owen Blacker
Senior Software Developer and InfoSecurity Consultant   Wheel: Group
See http://www.owens-place.org.uk/pgp.html -- more about my PGP keys
Sig  0xa7cb7592 | 9c1c 2996 075b 2daa 3660  6d2f ee34 fc94 a7cb 7592
-- 
Opinions might not even be mine.  Other people can go get their own!

_____________________________________________________________________
This e-mail has been scanned for viruses by MessageLabs.
 
.
.
 
Copyright (c) Virus.Org 1997-2006.
All Trademarks Acknowledged.
Please view our Terms and Conditions and our Privacy Policy.