Talks about core technologies in new conferences always attract me. 26th Chaos Communication Congress, held over the last weekend, is just one that made me think more.
The “GSM: SRSLY” topic is very hot and practically pulled me into one of the black-hole topics. Yes, even discussing wiretapping tools can be illegal in few countries (especially the “so-called” developed ones). Success in a distributed code break effort on GSM technology is not surprising. This vulnerability is very much exploited by government and private intelligence work (may be both legal and illegal). Things we see in the movies on cellular wiretapping aren’t really fictional…they are a reality.
Source of this vulnerability resides in a 64-bit encryption algorithm we have deployed in about 80% of GSM cellular networks around the world. So, technically speaking, if you aren’t a customer of the off-the-shelf intelligence products (like Semi-Active GSM Monitoring System), don’t feel left out. At the demonstration held in 26C3, we have got some interesting findings that show that with few advanced systems engineering effort, one can build something like that from ground-up, with just 3 months of data mining.
There has always been a need for looking at security and privacy a little bit more closely. Makes me also recollect what happened recently, when enterprises opted for a 512-bit encryption setup using BlackBerry infrastructure in INDIA. When we know that 64-bit encryption can be broken in real-time, we must accept that organized outfits (like government agencies) can/already do real-time hacking of 512-bit encryption with distributed hacking techniques.
I think that privacy and safety of individuals are governed and not provided/available as a choice (a.k.a. freedom). I know that I have no privacy when using my cell phone. I still use it, because it doesn’t pose any risk to my personal life or business. I would rather use a cell phone to talk than get stuck to phone booth every time (we know what privacy we have on wire-line phones 
). May be that’s the choice I have and have chosen to go mobile.
“Opting-out for privacy” also sounds freedom to me. But there has to be a situation where I “Opt-in for privacy” and there exist a legal infrastructure to make me feel safe in doing business communications. Hope GSM Alliance can do something about it…or else we will have to have Telcos provide just the pipe and let us go the IP way at some-point (VOIP calls anybody?).
0 Responses
Stay in touch with the conversation, subscribe to the RSS feed for comments on this post.