A cellular nightmare

A team of security experts crack the code, and digital cell-phones will never be the same again

Published: Tuesday 15 July 1997

-- THE world's latest digital cellular telephones, which are in the us, are not as ,secure' or 'private' as they were supposed to be. Their security technology has been 'cracked' (breached). A team of well-known computer-security experts recently told the press in San Francisco, California, that they had cracked a key part of the electronic code intended to protect the privacy of calls made with the new digital generation of cellular telephones in the us. The newly developed digital system in the us is fast replacing the existing 15-year-old cellular phone system. This news, however, does not affect the international digital cellular system, used widely outside the us, including India, known as D/GSM, which has tougher security.

The new us digital cellular telephones transmit streams of digital information in a code similar to that of computer data. The team of experts includes Bruce Schneier, author of a textbook on cryptography, John Kelsey, of Counterpane Systems, a Minneapolis-based consulting firm, and Davie Wagner, a University of California researcher. They say that the new system may not prevent eavesdropping any better than the analogue cellular phones, which send voice and electronic patterns mimicking sound waves, that have been in use for 15 years. Since digital wireless network is increasingly coming into use, the breaking ofthe digital code confirms fears about privacy.

Communications industry technical experts have been meeting to determine whether it is too late to improve the system's protection mechanism. Grog Ross, a software designer for Qualcomm Inc, a leader in digital cellular systems, said that fixing the flaw would be 'a nightmare'. Tightening the security system would involve modifying the software already used in the computerised network switching equipment, that routes wireless digital telephone calls, as well as the software within individual phones, he added. Industry executives acknowledge that steps have to be taken to address the problem.

Independent security experts now say that the code is easy enough to crack and that anyone with sufficient technical skills and a desktop computer can make, and sell a monitoring device that would be easy to use, according to a report in the New York Times. Such a device would enable the scanning of hundreds ofwireless channels, to eavesdrop electronically on any digital call within a range of 300 metres to several kilometres. As with current cellular technology, if a person were the target of an eavesdropper, the device could be programmed to listen for any nearby digital call to that person's telephone number. Other possible transgressions would include using the device to auto- matically 'harvest' all calling-card or credit-card data transmitted on nearby digital wireless phones.

Because of a loophole in the us Communications Act of 1934, making and selling such devices would not be illegal in the us, even though using one would technically be against the law. These monitoring devices are not yet available, but security experts said a thriving 'grey' market was certain to develop; and with technical details of the security system already circulating on the Internet, instructions for cracking it will almost certainly make their way into the computer underground.

Subscribe to Daily Newsletter :

Comments are moderated and will be published only after the site moderator’s approval. Please use a genuine email ID and provide your name. Selected comments may also be used in the ‘Letters’ section of the Down To Earth print edition.