Telstra has revealed the addition of almost one million new mobile services in the six months to December 2011, but Sensis revenues plummeted 24 percent in 12 months.
read more
David Heath
Sunday, 24 February 2008 17:48
The GSM standard includes 4 levels of phone-to-base station encryption, labelled A5/0 to A5/3. A5/0 is no encryption – all conversations are in plaintext and open to anyone able to listen in. Typically, this was used by the countries the European Union (EU) hated, since unlike most “global” technologies USA didn’t invent GSM.
The primary encryption standard (A5/1) was reserved for “close friends” of the EU – France, Germany, UK etc and some non-EU countries (USA for instance). The rest of the more friendly nations (those more “friendly” than “hated”) were offered A5/2. A5/3, the strongest encryption of the group was introduced rather more recently.
In the late 1990s, confirmed in 2003, A5/2 was essentially broken. There were well-substantiated claims that the encryption could be defeated in around 15 milli-seconds, using hardware current as of 1999. In other words, in-call interception was easily achieved.
There have regularly been suggestions that a back-door existed in all implementations of A5/x and was made available to governmental organisations as needed (for instance here). Obviously such suggestions were never confirmed, but since encryption was only ever applied to the wireless component of a call (and any wired component was in plain-text), the point was somewhat moot anyway - the tales of government security access to telco systems are legendary (look them up yourself!).
So, enough history, what of the new attack? It’s difficult and expensive, right?
Unfortunately, no. David Hulton of Pico Systems and Steve Muller from CellCrypt, the authors of the attack estimate that a system costing only $US1,000 (strangely developed by Pico!) will allow completely passive decryption of a GSM call encrypted with A5/1 in only 30 minutes; spend half a million, and it can be done in 30 seconds, and what government can’t afford that?
So, here in Australia, we’ve been secure until now, haven’t we? Unfortunately not; as surprising as it might seem, the “coalition of the willing” does not equate to “friendly” status. We’re stuck with A5/2! Live with it.
Loading comments ...
 |
Microsoft Office 365Try an easy-to-use set of web-enabled tools for business-class productivity services. Office 365 provides anywhere-access to email, important documents, contacts, and calendars on almost any device.  |
LATEST HEADLINES FROM YOUR IT
