The GSM MoU Association has reacted quickly to reports from the US that the mathematical code—known as the ‘A3 algorithm’—used to provide authentication within a GSM smartcard had been compromised by a software engineer and two graduate students at the University of California at Berkeley.
Charles Brookson, Chairman of the GSM MoU’s Security Group, stressed that such an attack would be feasible only where hackers had a user’s subscriber identity module (SIM) card in their possession. “If achieved, a successful attack would compromise only one card and it is not practical to achieve over the airwaves by eavesdropping, so GSM mobile phones cannot be ‘cloned’ (by copying the user’s identity) in the manner of analogue phones. Compromising the A3 algorithm does not, in itself, present a significant threat to GSM security overall.”
Brookson went on to add that the GSM algorithm the students claimed to have broken was the ‘example algorithm’ provided to members of the MoU to create their own individual version, and not a commercial grade system. Be that as it may, GSM joins a long line of supposedly ‘tamper-proof’ technologies that have been broken.
Cryptography experts at universities have made a sport out of cracking popular encryption algorithms, with Microsoft, Netscape and Sun Microsystems feeling the sting of such precocious ‘kids’.