For Finextra's free daily newsletter, breaking news and flashes and weekly job board.
The A5/1 encryption cypher fell last week and now the A5/3 has been cracked.
Not a good week for mobile phone carriers and alarm bells should be ringing if you are planning involving the GSM association in any secure applications and perhaps you need to revisit the risk equation.
For those in the know a new type of attack was used to construct a simple distinguisher for 7 of the 8 rounds of KASUMI with exceptionally high probability. The distinguisher provides the opportunity for analyzing the single remaining round enabling derivation
of the 128 bit key of the full KASUMI by using only 4 related keys, 226 data, 230 bytes of memory, and 232 time. This translatesa into a couple of hours on a standard PC.
MISTY the old crypto was in fact harder to break. The GSM crew made a backward step of a very high order. (the limitations of the type in this blog prevent me from providing more specific information).
Not the sort of progress I like to make.
The bottom line is that your mobile phone may as well be a CB radio.
Sony have teamed up with Ericsson, Nokia and Apple on a top secret project to create the world's first totally secure phone, guaranteed. It may be a while before it's released though because they just need to overcome a few teething difficulties. Well, one
is that they can't use it for talking...but everything else works! Oh...nearly everything...text messaging is a problem and so is web surfing. But everything else is fine!
I can't wait to queue up at midnight, as usual, to be one of the first dumb customers to throw my money at it.
Yeh, its true, I heard about this listening to one of the Apple execs speaking on his phone on the train! That guy didn't need a phone...everyone in the carriage heard him.
Hi Steve. Love it.
We have been sending actually secret messages - text too, on any off-the-shelf mobile for years without a single spook ever catching on. Even if they did catch on, they could never decipher a message with CALEA and all the geeks on earth. I sometimes wonder
how some ever got phones to work in the first place. Probably copying each other.
Perhaps we should release it to the masses and they could form co-operative confidentiality clubs - without actually breaking any laws designed to make our communications insecure but it sure would give the spooks and others a head-ache if everyone was using
We do a nifty voice version ideal for ship-to-cinc if any (approved) govt types are interested, we call it 'secret squirrel' - my wife's idea. (How long will 'secret squirrel' take to come through the router in a snoop scoop? Oops 124.x.x.. ip addresses
Luckily I'm a 'responsible citizen'. Perhaps the mobile makers are too and thats why we have virtually transparent and totally insecure communications, especially when they flow through the 'test desk' and into the pc of some hopefully authorised snoop (at
post-it-note) or through that little blu'oat box to anyone anywhere.
It would probably be worth listening in to mobile communications - I'm sure plenty of defence deployment and secrets are revealed that way. Hey - even the phone companys' - but in this case there was no need for a bug and just a dummy in the mouth would
have done the trick to keep this secrecy project of theirs 'secret' eh?
And they wondered why I wouldn't sign up for phone banking ('which' a bank tried to make me do to access internet banking).
Gotta go and change my PIN again (on my 'secure' mobile) after another
exploit - or is that another 'promotion' for chip&pin ('pinch') cards?
19 Mar 2009
This post is from a series of posts in the group:
A place to share stuff that isn't at all fintec related but is amusing, absurd or scary.