This story appeared in Wireless Daily News - this is a local copy of the
For more information about Wireless Daily News see details at
Cryptographers Announce Break in Authentication Encryption for GSM Phones
WASHINGTON, D.C., April 13, 1998 - A software developer and two graduate
students announced April 11 in San Francisco that they have been able to
extract encrypted information from the "smart cards" used in GSM phones.
The Cellular Telecommunications Industry Association makes the following
points about this announcement:
What the cryptographers are announcing is a form of cloning, which is
illegal under federal law.
They are making no claims that they are able to listen to the content
of phone conversations, but only that they can decipher
"authentication" information, which is used to protect phones
from being cloned.
They are making no claims that they can decode over-the-air signals. They
must actually have the handset and smart cards to carry
out this operation. In other words, phones would literally have
to be in-hand in order to extract this information.
For several years now, education institutions and scientific
laboratories have demonstrated the capability to extract data
from and copy smart cards. None of these groups' "discoveries"
have had a significant impact on the security of any wireless
phone technology. This is because each attack was based on
the concept that the criminal would be able to steal the smart
card out of the phone, take it to a lab, illegally duplicate
the information on the smart card, and then return the card
to the phone, all before the real subscriber attempted to make
another call or noticed that the phone was not operating. This
is highly unlikely.
There is a major difference between the capability of trained
cryptographers to obtain this information using computers and
the practical reality of actually being able to carry out such
an illegal operation on a large scale. In other words, there
seems to be no practical threat to consumer security.