Virus.Org IT Security News and Information Portal. We offer the latest IT security news, updates, product reviews, books, and articles for all you IT security professionals out there. Enter and get the best IT security information on the Internet.

 
. Welcome to the Virus.Org Mailing List Archive  
.
.


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]


Silicon.fr reporting GSM crypto broken
.

  • Subject: Silicon.fr reporting GSM crypto broken
  • From: [EMAIL PROTECTED] (Owen Blacker)
  • Date: Thu, 4 Sep 2003 12:15:05 +0100
.
 
It's the Brian and Owen show again:
> 
> >> However, it seems to me that the threat is not really from off air
> >> monitoring of GSM calls but rather from our paid public servants
> >> (sic) who are already able to listen in on production of whatever
> >> spurious excuse they've thought of....
> >
> >Indeed, I agree completely.  My thoughts, though, were that a break
> >like this (if it hits the mass media and people care sufficiently)
> >might cause GSM to update their whole crypto with something a bit
> >more, well, secure. Which would be A Good Thing(tm).
> 
> I remember that the original GSM crypto was watered down at the
> suggestion of the spooks, although of course that is always denied.

Yeah, that was my understanding too, to which I was alluding.

> >Not knowing all that much about phones, would it be possible for
> >companies to do that with an over-the-air firmware update or would
> >it need a hardware upgrade.  I'd guess the latter (just cos crypto
> >in a phone feels like it ought be embedded on the chip in ROM), but
> >I wouldn't honestly know.  Would any of the more telephony-minded
> >listers care to exposit?
> 
> It might be possible to do it by issuing new SIM cards, quite a lot
> of the crypto functions such as the A3 algorithm used during the
> authentication phase of registering with a network are done in the
> card, but when it comes to passing or generating the keys for in call
> use I suspect that it relies on hardware in the various Sics used.

Even a mass SIM replacement ain't gonna happen without ~a lot~ of public
outrage, though, is it?

Ach well...


O x
-- 
Owen Blacker
Senior Software Developer and InfoSecurity Consultant   Wheel: Group
See http://www.owens-place.org.uk/pgp.html -- more about my PGP keys
Sig  0xa7cb7592 | 9c1c 2996 075b 2daa 3660  6d2f ee34 fc94 a7cb 7592
-- 
Opinions might not even be mine.  Other people can go get their own!

_____________________________________________________________________
This e-mail has been scanned for viruses by MessageLabs.
 
.
.
 
Copyright (c) Virus.Org 1997-2006.
All Trademarks Acknowledged.
Please view our Terms and Conditions and our Privacy Policy.