Safe / Secure / Systems : Internet and Data Security for Regular People: GSM Phone Security

Friday, January 1, 2010

GSM Phone Security - Not So Secure Anymore

Happy new year to everyone! Really. I would like to think it will be better than that last one!

This has been in the press recently: Although it's not trivial to do - a snoop needs about $1000 worth of equipment to accomplish it - but the security scheme that digital cell phones use - "GSM" - has been cracked. This means if you're an AT&T (don't get me started about that company!) or T-Mobile subscriber in the US, your calls can no longer be considered to be private. (Verizon, Sprint, etc. use CDMA technology, which is totally different than GSM.)

The researcher that published the technique is being lambasted quite a bit for doing it, but I believe his intentions are noble - as is so often the case in big business, companies are loathe to do anything that costs them money and prefer to ignore Elephants In The Living Room until they're forced to do something.

Now, another blogger asserts that there's nothing to worry about, and that the phone companies will move to the stronger 128-bit encryption protocol (the current protocol is "only" 64 bit) - but it could be said that the publication of the decryption technique will at least hurry them along a bit, and even with that, who knows when this will actually be 100% deployed across the country?

***

While we're on the subject - the cordless landline phones I use in my home are Panasonic "DECT 6.0" phones - I got them at Costco, but DECT 6.0 phones are sold "everywhere". In theory my phones provide secured communications that can't be monitored, but I have seen mention here and there that some phone manufacturers don't enable the encryption that DECT provides. So when I order a pizza (mmmmm, Fast Pizza Delivery pizza!) over the phone and give them my credit card information, I really have no idea whether that conversation could be monitored by some crook with a sophisticated radio receiver (e.g. GNU Radio).

So for the moment, since I'm stuck with AT&T Wireless for the time being, and because I use DECT 6.0 phones at home, I have no assurance that my conversations are secure. You might say "well who cares - I have nothing to hide!" - well, how many times do you use your cell or home wireless phone to perform financial transactions with your bank, broker, credit card company,...?

No comments:

Post a Comment

Disclaimer

The information contained in this Site is provided in good faith by the author for general guidance on matters of interest only. Given the inherent hazards of electronic communication, there may be omissions or inaccuracies in information contained in this Site. As a result, the information on this Site is provided with the understanding that the author is not herein engaged in rendering any professional advice and services. As such, it should not be used as a substitute for consultation with professional and competent advisors. Before making any decision or taking any action based on the information contained in this Site, you should consult a professional who is competent in providing professional advice in information technologies.
While the author has made considerable effort to ensure that the information contained in this Site is accurate, the author is not responsible for any errors or omissions, or for the results obtained from the use of this information. All information contained in this Site is provided "as is", with no guarantee of completeness, accuracy, timeliness or the results obtained from the use of the information, and without warranty of any kind, express or implied, including, but not limited to warranties of performance, merchantability and fitness for a particular purpose or product safety of any kind. In no event will the author, his or her related partnerships or corporations, or the partners, family members, agents, employees or employers thereof be liable to you or anyone else for any decision made or action taken in reliance on the information contained in this Site, or for any indirect, consequential, special or similar damages including, without limitation, permanent loss or corruption of data, physical or emotional sufferings, moral standard corruptions, damages for loss of goodwill or self-esteem, loss of customers or market share, breach of security, permanent or temporary loss of employment, permanent or temporary loss of connectivity to the Internet, work stoppage, loss of income, computer related fires or other mishaps, computer failure or other malfunctions.
Certain links in this Site connect to other Web Sites maintained by third parties over whom the author has no control. These links are for general guidance on matters of interest only. The author makes no representations as to the accuracy or any other aspect of information contained in other Web Sites. The provision of these links should not be interpreted as constituting any kind of endorsement, whether implicit or explicit, of the views and/or contents of such other Web Sites.

Safe / Secure / Systems :
Internet and Data Security
for Regular People

Friday, January 1, 2010

GSM Phone Security - Not So Secure Anymore

No comments:

Post a Comment

Followers

Blog Archive

About Me

Disclaimer