A cellular nightmare

-- THE world's latest digital cellular telephones, which are in the us, are not as
,secure' or 'private' as they were supposed to be. Their security technology
has been 'cracked' (breached). A team
of well-known computer-security
experts recently told the press in San
Francisco, California, that they had
cracked a key part of the electronic code
intended to protect the privacy of calls
made with the new digital generation of
cellular telephones in the us. The newly
developed digital system in the us is fast
replacing the existing 15-year-old cellular phone system. This news, however,
does not affect the international digital
cellular system, used widely outside the
us, including India, known as D/GSM,
which has tougher security.

The new us digital cellular telephones transmit streams of digital
information in a code similar to that of
computer data. The team of experts
includes Bruce Schneier, author of a
textbook on cryptography, John Kelsey,
of Counterpane Systems, a Minneapolis-based consulting firm, and Davie
Wagner, a University of California
researcher. They say that the new system
may not prevent eavesdropping any better than the analogue cellular phones,
which send voice and electronic patterns mimicking sound waves, that have
been in use for 15 years. Since digital
wireless network is increasingly coming
into use, the breaking ofthe digital code
confirms fears about privacy.

Communications industry technical
experts have been meeting to determine
whether it is too late to improve the system's protection mechanism. Grog
Ross, a software designer for Qualcomm
Inc, a leader in digital cellular systems,
said that fixing the flaw would be 'a
nightmare'. Tightening the security system would involve modifying the software already used in the computerised
network switching equipment, that
routes wireless digital telephone calls, as
well as the software within individual
phones, he added. Industry executives
acknowledge that steps have to be taken
to address the problem.

Independent security experts now
say that the code is easy enough to crack
and that anyone with sufficient technical skills and a desktop computer can
make, and sell a monitoring device that
would be easy to use, according to a
report in the New York Times. Such a
device would enable the scanning of
hundreds ofwireless channels, to eavesdrop electronically on any digital call
within a range of 300 metres to several
kilometres. As with current cellular
technology, if a person were the target of
an eavesdropper, the device could be
programmed to listen for any nearby
digital call to that person's telephone
number. Other possible transgressions
would include using the device to auto-
matically 'harvest' all calling-card or
credit-card data transmitted on nearby
digital wireless phones.

Because of a loophole in the us
Communications Act of 1934, making
and selling such devices would not be
illegal in the us, even though using
one would technically be against the
law. These monitoring devices are
not yet available, but security experts
said a thriving 'grey' market was certain
to develop; and with technical details
of the security system already circulating on the Internet, instructions
for cracking it will almost certainly
make their way into the computer underground.