1997-03-20 - Cell Phone Code Cracked

Header Data

From: John Young <jya@pipeline.com>
To: cypherpunks@toad.com
Message Hash: cc042bcdd58160c44a67265a71c7a3798d5c1ad51895b66569d4d7c853077260
Message ID: <1.5.4.32.19970320121221.006edfa4@pop.pipeline.com>
Reply To: N/A
UTC Datetime: 1997-03-20 12:20:04 UTC
Raw Date: Thu, 20 Mar 1997 04:20:04 -0800 (PST)

Raw message

From: John Young <jya@pipeline.com>
Date: Thu, 20 Mar 1997 04:20:04 -0800 (PST)
To: cypherpunks@toad.com
Subject: Cell Phone Code Cracked
Message-ID: <1.5.4.32.19970320121221.006edfa4@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


For details of the crack see the cryptographers' press release at: 

   http://www.counterpane.com/cmea.html

The New York Times, March 20, 1997, pp. A1, D2.

Code Set Up to Shield Privacy Of Cellular Calls Is Breached
 
By John Markoff

San Francisco, March 19 -- A team of well-known computer
security experts will announce on Thursday that they have
cracked a key part of the electronic code meant to protect the
privacy of calls made with the new, digital generation of
cellular telephones.

The announcement, intended as a public warning, means that --
despite their greater potential for privacy protection -- the
new cellular telephones, which transmit streams of digital
information in code similar to computer data, may in practice
be little more secure from eavesdropping than the analog
cellular phones, which send voice as electronic patterns
mimicking sound waves, that have been in use the last 15
years.

It was such eavesdropping, for example, that caused trouble
for Newt Gingrich when a Florida couple listened to his
cellular phone conversation in December about the
Congressional ethics inquiry.

Now that digital wireless networks are coming into use around
the nation, the breaking of the digital code by the team of
two computer security consultants and a university researcher
confirms fears about privacy that were raised five years ago
when the communications industry agreed under Government
pressure to adopt a watered-down privacy technology.

Several telecommunications industry officials said the
pressure came from the National Security Agency, which feared
that stronger encryption technology might allow criminals or
terrorists to conspire with impunity by cellular phones.

But independent security experts now say that the code is easy
enough to crack that anyone with sufficient technical skills
could make and sell a monitoring device that would be as easy
to use as a police scanner is.

Such a device would enable a listener to scan hundreds of
wireless channels to listen in randomly on any digital call
within a radius ranging from 1,000 feet to a number of miles.
Or, as with current cellular technology, if a specific person
was the target of an eavesdropper, the device could be
programmed to listen for any nearby digital call to that
person's telephone number.

Other possible transgressions would include using the device
to automatically harvest all calling card or credit-card data
transmitted with nearby digital wireless phones.

And, because of a loophole in the Communications Act of 1934,
making and selling such devices would not be illegal, though
actually using one would technically be against the law.

These monitoring devices are not yet available, but security
experts said that a thriving gray market was certain to
develop. And with technical details of the security system
already circulating on the Internet, instructions for cracking
it will almost certainly make their way into the computer
underground, where code breaking and eavesdropping are pursued
for fun and profit.

Technical details of the security system were supposed to be
a closely guarded secret, known only to a tight circle of
industry engineers. But the researchers performed their work
based on technical documents that were leaked from within the
communications industry and disseminated over the Internet
late last year.

"The industry design process is at fault," said David Wagner,
a University of California at Berkeley researcher who was a
member of the team that broke the code. "We can use this as a
lesson, and save ourselves from more serious vulnerabilities
in the future."

Communications industry technical experts, made aware of the
security flaw earlier this year, have been meeting to
determine whether it is too late to improve the system's
privacy protections. Already the digital technology is in use
in metropolitan areas, including New York and Washington,
where either the local cellular networks have been modified to
support digital technology or where new so-called wireless
personal communications services are being offered.

"We're already in the process of correcting this flaw," said
Chris Carroll, an engineer at GTE Laboratories, who is
chairman of the industry committee that oversees privacy
standards for cellular phones.

But Greg Rose, a software designer for the Qualcomm Inc., a
leader in digital cellular systems, said that fixing the flaw
would be "a nightmare." Tightening the security system, Mr.
Rose said, would involve modifying software already used in
the computerized network switching equipment that routes
wireless digital telephone calls, as well as the software
within individual phones.

Currently, about 45 million Americans have cellular phones,
though most of them so far are based on an older analog
standard that offers no communications privacy. But cellular
companies are gradually converting their networks to the new
digital standard, and the new personal communications services
networks going into operation around the country also employ
the digital encryption system. Nearly a million P.C.S. phones
have been sold in the United States, according to cellular
industry figures.

Besides Mr. Wagner, the other researchers who cracked the code
were Bruce Schneier and John Kelsey of Counterpane Systems, a
Minneapolis consulting firm. Mr. Schneier is the author of a
standard textbook on cryptography.

The new digital wireless security system, which was designed
by cellular telephone industry engineers, was never intended to
stop the most determined wiretappers.

But because digital calls are transmitted in a format
corresponding to the one's and zero's of computer language,
they are more difficult to eavesdrop on than conventional
analog calls, which are transmitted in electronic patterns.
And digital calls protected with encryption technology --
basically a mathematical formula in the software that
scrambles the signal -- would be all the harder for a third
party to listen to surreptitiously.

Because the encryption system that the industry adopted in
1992 was deliberately made less secure than many experts had
recommended at the time, privacy rights advocates have been
warning since that the code could be broken too easily. An
announcement Thursday that the code has indeed been cracked
would seem to bear out those concerns.

"This should serve as a wake-up call," said James X. Dempsey,
senior staff counsel for the Center for Democracy and
Technology, a public interest group. "This shows that
Government's effort to control encryption technology is now
hindering the voice communications industry as well as the
data and electronic communication realm."

Industry executives acknowledged that steps must be taken to
address the problem.

"We need strict laws that say it is illegal to manufacture or
to modify a device which is designed to perpetrate the illegal
interception of P.C.S. telephone calls," said Thomas E.
Wheeler, president of the Cellular Telephone Industry
Association, a Washington-based trade group.

Mr. Wheeler said the weaker privacy technology had been
adopted not just to appease the Government but because makers
of wireless communications hardware and software wanted to
embrace a technical standard that would meet export
regulations. Those rules, based on national security
considerations, sharply curtail the potency of American-made
encryption technology.

The three computer researchers who broke the code belong to an
informal group of technologists who believe strongly that
powerful data-scrambling technologies are essential to protect
individual privacy in the information age. These
technologists, who planned to release their findings in a news
release on Thursday, argue that the best way to insure that
the strongest security codes are developed is to conduct the
work in a public forum. And so they are sharply critical of
the current industry standard-setting process, which has made
a trade secret of the underlying mathematical formulas used to
create the security codes.

"Our work shows clearly why you don't do this behind closed
doors," Mr. Schneier said. "I'm angry at the cell phone
industry because when they changed to the new technology, they
had a chance to protect privacy and they failed."

Mr. Carroll, head of the industry's privacy committee, said it
planned to revise the process for reviewing proposed technical
standards.

[End]







