
 

Virus.Org Mailing List Archive




Silicon.fr reporting GSM crypto broken

  • Subject: Silicon.fr reporting GSM crypto broken
  • From: [EMAIL PROTECTED] (Brian Beesley)
  • Date: Thu, 4 Sep 2003 12:42:13 +0000
  • In-reply-to: <[EMAIL PROTECTED]>
  • References: <[EMAIL PROTECTED]>
 
On Thursday 04 September 2003 11:13, Ross Anderson wrote:
>
> An alternative fix is perhaps just never to use A5/2. If a base
> station wants to talk A5/2, talk in clear instead. I suspect that this
> too could only be implemented on a smallish subset of the fielded
> equipment base.

Ummm - is this a "fix" - surely it would be easier still to eavesdrop or 
break into a conversation if it were in clear instead of A5/2?

The A5/2 fix would be to ensure that a session was never set up using that 
protocol. If a phone won't accept A5/1 then don't set up a session.

This fix could be done at the base stations, which are presumably a lot 
easier to upgrade than phones, if only because there are less of them & they 
don't move around so much. If this fix breaks any phones, it's because they 
were defective to start off with i.e. A5/1 was not implemented properly hence 
they were forced to A5/2.
>
> It's an interesting long-tail vulnerability resulting from weak crypto
> mandated by governments.

Yes. We need to break this sort of thing once & for all. Governments should 
keep their noses out of private conversations, full stop.

Brian Beesley


 