DUBLIN, Ireland, April 15, 1998 -- The GSM MoU Association, which represents the world's GSM network operators, regulators and administrative bodies from 109 countries/areas of the world, has received reports from the U.S. which claim that the security provided by the GSM SIM card may have been compromised. |
The recent, unsubstantiated, reports concern the mathematical code (A3) used to provide authentication within the GSM smartcard.
Charles Brookson, Chairman of the GSM MoU Association's Security Group said: "The Association's members have been aware of reported attempts to compromise this element of GSM security. It has been alleged that, through a long process of trial and error, an individual user's secret key code may be discovered."
"It is important to stress that this would only be feasible where the hacker has the card in their physical possession. If achieved, it would only compromise that one card and it is not practical to achieve over the airwaves by eavesdropping, so GSM mobiles cannot be cloned (copying the users identity) in the manner of analogue phones."
"There is no significant breach of security here," added Brookson. "Compromising the A3 algorithm does not, in itself present a significant threat to GSM security overall."
"Furthermore, the GSM algorithm the students are claiming to have broken is the example algorithm provided to our members for them to create their own individual version.
"Our customers can be assured that GSM remains a secure technology with standards of security greater than any other mobile public network," said Brookson.
CONTACT: Mike Houghton, Communicreate, 1901 Old Stage Road, Alexandria, VA 22308, Ph:+ 703-799-7383, Fax: +703-799-5819, PCS: +703-862-5803, Pager: 1-800-796-7363 PIN: 106-0121