[2515] in cryptography@c2.net mail archive


Re: TIME Magazine on GSM cell phone crack

daemon@ATHENA.MIT.EDU (Mike Rosing)
Wed Apr 15 15:27:15 1998

Date: Wed, 15 Apr 1998 09:24:17 -0500 (CDT)
From: Mike Rosing <cryptech@Mcs.Net>
cc: cryptography@c2.net
In-Reply-To: <199804150122.SAA02021@joseph.cs.berkeley.edu>



On Tue, 14 Apr 1998, David Wagner wrote:

> 
> As for Mike Rosing's remarks, I suspect he may be thinking of the
> US analog networks (and, to some extent, the digital North American
> systems).  For instance, GSM phones don't have any concept of MIN/ESN
> pairs; so far as I know, that's a North American idiosyncrasy.
> 
> And all those fraud detection expert systems are primarily deployed
> (as far as I can tell) in North American analog networks, where there's
> absolutely no crypto, and fraud is already a massive problem, to the
> tune of > $500 million / year.

Yes, that's all I've worked on.  The other replies are interesting because
the analog base stations send data to a central switch for decision
making.  It sounds like the GSM base stations are more "intelligent", so
they can make connections without first getting an ok from the central
switch (which connects the cell phones to POTS).  The advantage to the
analog phones is that the roamers have to first be checked from their home
switch, so it's pretty easy to detect duplicates anywhere in the system
(which only covers the US and Canada).

I was told by the guys who'd been building cell phones for a few decades
that they warned the upper management types to build in fraud detection
and some level of crypto at the beginning.  But the cost of doing it then
was considered too high, and the managers figured that the technology was
so complex that nobody would figure it out (they were spending millions
developing it, to crack it should take millions too, eh?)  To retrofit
everything now would cost *way* too much, so the best that they can hope
for is that PCS or CDMA or TDMA will have the right stuff built in.

One would think they'd have learned from the first mistake.  We'll see :-)

Patience, persistence, truth,
Dr. mike


