|
Mobile phones are generally not safe from being eavesdropped and blocked by
mobile phone jammers.
The ability to clone ESD in analogue AMPS phones and to use them to
make free calls and to listen in to calls is legend, popularized by notorious
hackers like Kevin Mitcnick who was one of the first to hack into Nokia phones.
Digital phones are of course a lot more
difficult to hack into, but are easy to jam.
In
October 2003,
an
Israeli
scientific team showed a way to break
into mobile phone calls
on
ubiquitous GSM networks, potentially allowing eavesdroppers to listen in on
conversations and even take on a caller's identity.
They cracked the A5 algorithm which is mean to encrypt calls
The GSM Association says they're "not worried" though.
Security Concerns ate still slowing Mobile Application Deployment
[more...]
In 1998, the Smartcard Developer Association (SDA) and two
U.C. Berkeley researchers jointly claimed that GSM cellphones are susceptible to
SIM cloning.
See: GSM SIMs hacked
See also:
GSM calls
even more secure thanks to new A5/3 Algorithm
Secure Mobile Phones
A number of manufacturers have released phones that prevent bugging over the
air. These encrypt calls using for example GSM data channel to carry the voice
call.
The
Korean Government
recently admitted to developing Anti-Tapping Mobile Phones.
The security aspects of GSM are detailed in GSM Recommendations:
 02.09 - Security Aspects
02.17 - Subscriber Identity Modules
03.20 - Security Related Network Functions
03.21 - Security Related Algorithms"
The subscriber is uniquely identified by the International Mobile Subscriber Identity
(IMSI). This information, along with the individual subscriber authentication key (Ki),
constitutes sensitive identification credentials analogous to the Electronic Serial Number
(ESN) in analog systems such as AMPS and TACS.
The design of the GSM authentication and encryption schemes is such that this sensitive
information is never transmitted over the radio channel. Rather, a challenge-response
mechanism is used to perform authentication. The actual conversations are encrypted using
a temporary, randomly generated ciphering key (Kc).
Components Required:
For the authentication and security mechanisms to function, three elements (SIM,
handset, and GSM network) are required. This distribution of security credentials and
encryption algorithms provides an additional measure of security both in ensuring the
privacy of cellular telephone conversations and in the prevention of cellular telephone
fraud.
- GSM handset or MS
The MS identifies itself by means of the Temporary Mobile Subscriber Identity (TMSI),
which is issued by the network and may be changed periodically (i.e. during hand-offs) for
additional security.
- Subscriber Identity Module (SIM)
The SIM contains the IMSI, the individual subscriber authentication key (Ki), the
ciphering key generating algorithm (A8), the authentication algorithm (A3), as well as a
Personal Identification Number (PIN). The GSM handset contains the ciphering algorithm
(A5). The encryption algorithms (A3, A5, A8) are present in the GSM network as well.
- GSM Network
The Authentication Center (AUC), part of the Operation and Maintenance Subsystem (OMS) of
the GSM network, consists of a database of identification and authentication information
for subscribers. This information consists of the IMSI, the TMSI, the Location Area
Identity (LAI), and the individual subscriber authentication key (Ki) for each user.
|
|
ii
Get FREE updates on the latest ringtones,
logos, alerts, mobile news, & free downloads.
Join our newsletter now
|
|
