GSM Encryption Cracked... GSMA's First Response? That's Illegal!
from the yeah,-because-the-eavesdroppers-care dept
The big news in security circles this week is that a security researcher claims to have cracked the encryption used to keep GSM mobile phone calls private. It looks like he and some collaborators used a brute force method. He admits that it requires about $30,000 worth of equipment to decrypt calls in real-time, but that's pocket change for many of the folks who would want to make use of this. What's much more interesting (and worrisome) is the GSM Association's (GSMA) response to this news:
"This is theoretically possible but practically unlikely," said Claire Cranton, an association spokeswoman. She said no one else had broken the code since its adoption. "What he is doing would be illegal in Britain and the United States. To do this while supposedly being concerned about privacy is beyond me."
There are so many things wrong with that statement it's hard to know where to begin. First, claiming it's "theoretically possible, but practically unlikely" means that it's very, very possible and quite likely. To then say that no one else had broken the code since its adoption fifteen years ago is almost certainly false. What she means is that no one else who's broken the code has gone public with it -- probably because it's much more lucrative keeping that info to themselves. Next, blaming the messenger by announcing that cracking the code is "illegal in Britain and the United States" is not what anyone who uses a GSM phone should want to hear. They should want to know how the GSMA is responding and fixing the problem -- not how they're responding to the public release. Finally, if it's "beyond" her how cracking a code used for private conversations and showing that it's insecure is all about being concerned about "privacy" -- she should be looking for a different job. This has everything to do with privacy. The GSMA claims that the code is secure for private conversations, and this group of folks is showing that it is not.
That seems to have everything to do with privacy.
Filed Under: encryption, gsm, privacy, reaction, security
Companies: gsma
Reader Comments
A5/3
Since 2006 handset manufacturers have been mandated to remove support for A5/2 (much easier to crack) so that the phone is safe (with no real change to networks). This means your expensive new phone likely won't work in poorer, non-Western countries who are only allowed A5/2. A5/1 is likely to go a similar way in the next 5 years, assuming of course traditional voice networks remain. My guess is all future voice will go VoIP with lovely AES etc etc.
[ link to this | view in chronology ]
/sigh
[ link to this | view in chronology ]
Re: /sigh
[ link to this | view in chronology ]
Re: Re: /sigh
[ link to this | view in chronology ]
Re: Re: Re: /sigh
Just Saying.
[ link to this | view in chronology ]
Re: /sigh
[ link to this | view in chronology ]
Blame it on France
[ link to this | view in chronology ]
Ms. Cranton obviously worships the Goddess of Institutional Inertia
[ link to this | view in chronology ]
Voip
Who's with me!
[ link to this | view in chronology ]
Re: Voip
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
$30,000 ? Try $2,000!
He told all on his podcast "Security Now". The podcast with all the pertinent info is here:
http://twit.tv/sn213
Transcript here:
http://www.grc.com/sn/sn-213.txt
That should put an end to the cell companies blowing smoke up places it doesn't belong. Also, it's amazing the cell providers kept a lid on it this long!
[ link to this | view in chronology ]
CDMA?
[ link to this | view in chronology ]
Re: CDMA?
[ link to this | view in chronology ]
government already had the codes
[ link to this | view in chronology ]
Re: government already had the codes
[ link to this | view in chronology ]
Re: Re: government already had the codes
[ link to this | view in chronology ]
Make a lot of Live USBs and show it to the world :)
Microsoft wouldn't dream of doing this.
That is why to create a live Windows CD you have to go through an extensive marathon of steps to accomplish this simple task.
[ link to this | view in chronology ]
we dont care bout your stinkin laws no more
[ link to this | view in chronology ]
Re: we dont care bout your stinkin laws no more
Just Saying.
[ link to this | view in chronology ]
Cloned phones
If all the low level communication was also done via encryption, it would be impossible to even listen in on a CDMA data stream.
GSM is less secure.
[ link to this | view in chronology ]
GSMA response
[ link to this | view in chronology ]