GSM Alliance Clarifies False & Misleading Reports of Digital Phone Cloning
San Francisco -- GSM Remains the Most Secure Commercial Wireless Technology
Today, a coalition of wireless Personal Communications Services (PCS)
providers released facts to correct some misconceptions generated by the
recent claim that several California researchers had found a weakness in
the security of Global System for Mobile communications (GSM)
technology, the world's most popular digital wireless standard.
The North American GSM Alliance, LLC - consisting of the eight largest GSM
network operators in the United States and Canada - provided the following
information in response to a number of erroneous published reports.
1. GSM phones are not vulnerable to cloning.
Researchers only claimed that, through a process of trial and error, they
figured out how to copy information from the Subscriber Identity Module
(SIM) card - a unique GSM feature that contains a customer's individual
network access code. Duplicating a SIM card is not like cellular cloning since the
network only recognizes one copy of a GSM phone number at a time. This is
an important distinction, since it does not permit would-be thieves to
fraudulently capture, duplicate and utilize a customer's phone number and
account information by intercepting over-the-air transmissions and
deciphering the data.
By contrast, information from ordinary analog cellular phones can be pulled
out of the airwaves, copied and re-used multiple times. This illegal
process, also known as "sniffing," is still not possible to do with GSM
technology. The California group said that it needed physical access to a SIM
card in order to duplicate it. While they believed copying theoretically could be
done remotely, the group admitted that it was, in fact, unable to do so.
2. There is no risk to subscribers.
GSM's design process and proven functionality continues to offer the
strongest level of commercial wireless security. GSM customers can have the
highest degree of confidence that they are protected from over-the-air
cloning. In fact, thieves can more easily steal GSM phone service simply by
stealing wireless handsets rather than producing counterfeit SIM cards. Once
someone steals a SIM card, there's no need to copy it. The notion is as
ridiculous as a someone stealing an armored car full of money, then
copying the bills inside! And since the GSM networks allow only one call at a
time from any phone number, having multiple copies of a SIM is worthless.
As an additional level of security GSM operators have procedures in place
which would quickly detect and shut down attempted use of duplicate SIM
card codes on multiple phones.
Nevertheless, customers should protect their wireless phones and SIM
cards the same way they would protect their wallets and bank cards.
Subscribers who lose their phone or SIM card should report it immediately
to their wireless service company. The lost or stolen SIM can be de-activated
to prevent others from using the account.
3. There is no risk of over-the-air eavesdropping.
The level of encryption used by GSM makes over-the-air eavesdropping
nearly impossible. So far, no one claims that they can listen to the content of
conversations or monitor data transmitted over the air on the GSM
network, including governments and network operators. Confidentality of
GSM customer conversations remains intact and uncompromised.
4. The ability to copy a SIM card is nothing new.
It was always known that this could be done. Last weekend's announcement is
really no different from processes GSM providers use all the time to encode
smart chips. For several years now, educational institutions and scientific
laboratories have demonstrated the capability to extract data from, and
copy, smart cards. But it is an extremely complex task and would not
be practical for stealing wireless phone service. Besides, even if a handset or
SIM card were stolen, GSM operators have the ability and technological tools
to shut down fraudulent service quickly.
5. The key code which protects a subscriber identity is not "fatally flawed."
This is a somewhat complicated subject. There are two different key
codes: first, an authentication code - the A3 algorithm - that protects the
customer's identity; second, an encryption code - the A5 algorithm -
that ensures the confidentiality of conversations. It has been alleged that
the authentication code (A3 algorithm) is weakened because only 54 of the 64
bits are used, with 10 bits being replaced by zeroes. In reality, those
final 10 bits provide operators with added flexibility in responding to
security and fraud threats. Additionally, the GSM algorithm that the researchers
claimed to have broken is the "example" version provided by the
international organization that governs the use of GSM technology to its
approved carriers for them to create their own individual version. It may not
be what is deployed in the market. Several operators have already decided
to customize their codes, making them more sophisticated.
There has been some confusion about the various types of code used by
GSM. In addition to the 64-bit authentication cipher, there is a more
powerful voice encryption code (A5 algorithm) which helps keep
eavesdroppers from listening to a conversation. This code was not
involved in last weekend's announcement. Also, the speculation
that GSM's encryption algorithms have been deliberately weakened because of
pressure by the U.S. intelligence community is absolutely false.
Conclusion
While no human-made technology is perfect, customers can still rely on the
privacy features and security of GSM's transmission technology. It remains
the most secure commercial wireless communications system available
today. More than 80 million customers in 110 countries use GSM phones and
not one handset has been cloned since the first commercial service was
launched in 1992. North American GSM Alliance, L.L.C. is a consortium of U.S.
and Canadian digital wireless PCS carriers, which helps provide seamless
wireless communications for their customers, whether at home, in more
than 1,000 U.S. and Canadian cities and towns, or abroad. Using Global
Systems for Mobile (GSM) communications, GSM companies provide superior
voice clarity, unparalleled security and leading-edge wireless voice, data
and fax features for customers. Current members of the GSM Alliance include:
Aerial Communications, Inc., BellSouth Mobility DCS, Cook-Inlet Western
Wireless; Microcell Telecommunications Inc., Omnipoint Communications, LLC,
Pacific Bell Mobile Services, Powertel, Inc., and Western Wireless, Corp.,
which continue to operate their own businesses and market under their own
names.
ČLÁNKY DO MAILU