[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-Disclosure] Israeli boffins crack GSM code
- To: Rainer Gerhards <rgerhards@xxxxxxxxxxxxxx>
- Subject: Re: [Full-Disclosure] Israeli boffins crack GSM code
- From: Adam Shostack <adam@xxxxxxxxxxxx>
- Date: Tue, 9 Sep 2003 11:24:28 -0400
On Tue, Sep 09, 2003 at 04:22:19PM +0200, Rainer Gerhards wrote:
| It was in the media over here in Germany some days ago. It seems to be a
| fundamental flaw in the GSM design. AFIK, the attacker pretends to be a GSM
| base station and can receive the call via a cell handover. Using this
| technology, it would also possible to call "in the name of" (with the caller
id
| of) any victim that comes close enough to the fake base station. It was said
| that the GSM providers do not really care because a) it would be to hard to
set
| up the equipment and b) it would probably to expensive for the operators to
fix
| this ;)
don't forget c) it's revenue, and if the thieves use it to pass their
bills for calling the most expensive countries on earth onto random
passers-by, its not the telco's problem, is it? They're using
"Industry standard" security.
This is like the (AT&T?) voice mail frauds that were costing people
thousands of dollars for choosing poor passwords for their voice
mail. Until it hits a certain level, its just revenue enhancement
through poor security.
Adam
--
"It is seldom that liberty of any kind is lost all at once."
-Hume
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html