GSM eavesdropping

Adam Fields cryptography23094893 at aquick.org
Mon Aug 2 12:12:25 EDT 2010 

On Mon, Aug 02, 2010 at 04:55:04PM +0100, Adrian Hayter wrote:
> In a related story, hacker Chris Paget created his own cell-phone base station that turned off encryption on all devices connecting to it. The station then routes the calls through VoIP.
> 
> http://www.wired.com/threatlevel/2010/07/intercepting-cell-phone-calls/

Apropos the theses thread, this article contains mention of an
interesting security "feature":

'Although the GSM specifications say that a phone should pop up a
warning when it connects to a station that does not have encryption,
SIM cards disable that setting so that alerts are not displayed'

That would be an example of a bad security tradeoff with the intended
result of not bugging the user about something over which they have
neither control nor recourse, but with the actual result of opening a
significant security hole. The incentives are also all misaligned
here. Presumably the right thing to do is refuse to connect to any
unencrypted towers, but assuming that there are some legitimate ones
out in the wild, the net effect is probably just worse service for the
end user. The user has no way to tell the difference, which is of
course the point of using encryption in the first place.

-- 
				- Adam
----------
If you liked this email, you might also like:
"Some iPad apps I like" 
-- http://workstuff.tumblr.com/post/680301206
"Sous Vide Black Beans" 
-- http://www.aquick.org/blog/2010/07/28/sous-vide-black-beans/
"Sous Vide Black Beans" 
-- http://www.flickr.com/photos/fields/4838987109/
"fields: Readdle turns 3: Follow @readdle, RT to win an #iPad. $0.99 for any ap..." 
-- http://twitter.com/fields/statuses/20072241887
----------
** I design intricate-yet-elegant processes for user and machine problems.
** Custom development project broken? Contact me, I can help.
** Some of what I do: http://workstuff.tumblr.com/post/70505118/aboutworkstuff

[ http://www.adamfields.com/resume.html ].. Experience
[ http://www.morningside-analytics.com ] .. Latest Venture
[ http://www.confabb.com ] ................ Founder

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list