From: “Philippe Nave” <pdn@dwroll.dw.att.com>
To: MIKEINGLE@delphi.com (Mike Ingle)
Message Hash: e04362ddb864581dd48a642357ea4879fae4ec1f34da90df34e4ecc1b80073d0
Message ID: <9401101839.AA27426@toad.com>
Reply To: <01H7HW21PVZ68WYKRH@delphi.com>
UTC Datetime: 1994-01-10 18:41:34 UTC
Raw Date: Mon, 10 Jan 94 10:41:34 PST
From: "Philippe Nave" <pdn@dwroll.dw.att.com>
Date: Mon, 10 Jan 94 10:41:34 PST
To: MIKEINGLE@delphi.com (Mike Ingle)
Subject: Re: Crypto not being used where needed
In-Reply-To: <01H7HW21PVZ68WYKRH@delphi.com>
Message-ID: <9401101839.AA27426@toad.com>
MIME-Version: 1.0
Content-Type: text/plain
Mike Ingle writes :
>
> At CES someone was showing a cellular credit card machine. It had an
> antenna and a regular card reader, and was battery powered, so it could
> be used anywhere. The machine was designed to be used in taxicabs,
> at swapmeets, and wherever there were no phone lines available.
>
> I asked the rep about its security - does it use encryption? No, it does
> not use encryption. It sends your credit card number and expiration date
> over the cellular link in clear. Most credit card machines use low-speed
> modems which are trivial to intercept. This one is probably no exception.
> Here is a case where DES is badly needed and not being used. If this
> machine becomes popular, thieves will be trailing taxicabs with scanners
> and tape recorders.
>
Although I sincerely agree that the data should be encrypted, is it really
that easy to intercept cellular phone calls? I thought you had to go to
considerably more effort than programming a scanner to pick up these
transmissions - I don't know much about cellular phones, but I thought they
hopped frequencies and so forth such that it was a real pain to listen in.
The reason I ask is that I have a buddy who works for local law enforcement.
His group is about to roll out a network of laptops in their cars, linked
by modem to the AS/400 that serves as their gateway to NCIC. We've talked
about how easy it is to intercept/spoof transmissions in the clear on a
single channel, but we both figured it would be considerably more difficult
to intercept cellular calls. Given the level of understanding of the fuzz,
they'll probably slap a Hayes modem on their Barney Fife Cop Car Radios
anyway, and I'll gleefully try to trap their transmissions.... just as an
exercise, of course, to educate them as to the error of their ways...
Seriously, folks, this issue is a valid one. If [insert favorite bogeyman
here] can dial a scanner and pick up credit card numbers, vehicle and
driver's license data, and criminal histories, our privacy is due for
another beating. The way I got my friend's attention was to ask whether the
police department is liable for revealing private information - in other
words, if Charles Manson grabs my license data off the cops' data net, can
I sue the cops?
--
........................................................................
Philippe D. Nave, Jr. | The person who does not use message encryption
pdn@dwroll.dw.att.com | will soon be at the mercy of those who DO...
Denver, Colorado USA | PGP public key: by arrangement.
Return to January 1994
Return to ““Philippe Nave” <pdn@dwroll.dw.att.com>”