Robert Levy
09-05-2003, 06:00 PM
<div class='os_post_top_link'><a href='http://www.newscientist.com/news/news.jsp?id=ns99994130' target='_blank'>http://www.newscientist.com/news/news.jsp?id=ns99994130</a><br /><br /></div>"The encryption system that protects the almost 900 million users of GSM cell phones from instant eavesdropping or fraud is no longer impregnable, cryptologists claim.<br /><br />Researchers at the Technion-Israel Institute of Technology in Haifa say they have found a way to defeat the security system, exploiting a flaw in the way the encryption is applied.<br /><br />With GSM, the voice is encoded digitally. But, before this data is encrypted, it is corrected to help compensate for any interference or noise, says Eli Biham, who led the Technion team. This gives an opportunity for a "man in the middle" attack, in which the call is intercepted between the handset and the network base station."<br /><br />Read the full article for details on how this works. The good news is that 3G phones use a different security protocol so they won't be effected by this. Regardless, this is one more reminder that absolute privacy is becoming harder and harder to come by in this technological era. How long will it be before the other cellular security protocols are also comprimised?