Bugtraq mailing list archives
Re: otp - the next generation
From: Casper Dik <Casper.Dik () SUN COM>
Date: Fri, 23 Mar 2001 11:21:06 +0100
1) AFAIK mobile communications are *not* encrypted. This means that... yes, you guessed it. It is more difficult than the average wire-sniff attack but only because there are fewer tools out there from the likes of tcpdump(1).
Actually, GSM communications *are* encrypted; though you cannot find out usually whether the provider uses encryption as it's optional, most do. Th eencryption has been successfully cryptanalyzed. There is a substantial extra effort required beyond picking the signal out of the air.
2) Also, all SMS-es go through the mobile service provider's SMS center or whatever it is called in English. If the phone you are authenticating to belongs to a different provider, than even two such centers are used. Of course, manipulating messages (or even just reading them) there would require access to the GSM providers infrastructure, but it is another facet you shouldn't neglect.
The communications inside the cell are encrypted; but as soon as you hit wires or microwave links, your traffic is no longer encrypted. (The US and presumably others have lots of satellites listening in to microwave links by hanging on the horizon catching leaked signals)
This, of course, is nothing new:-) But in this wireless age when mobile communications is becoming more and more important I guess we'll need a new approach to security and soon such statements will be as routine as "telnet transmits passwds in the clear" is now. But until then it never hurts to repeat them:-)
"When we said that you needed to cut the wires for ultimate security, we didn't mean that you should go wireless instead." Casper
Current thread:
- otp - the next generation Lukasz Luzar (Mar 22)
- Re: otp - the next generation Szilveszter Adam (Mar 23)
- Re: otp - the next generation Casper Dik (Mar 23)
- Re: otp - the next generation Denis A. Doroshenko (Mar 23)
- Re: otp - the next generation Gregory Steuck (Mar 23)
- Re: otp - the next generation Tollef Fog Heen (Mar 23)
- Re: otp - the next generation Ben Laurie (Mar 23)
- Re: otp - the next generation Dag-Erling Smorgrav (Mar 23)
- Re: otp - the next generation Tristam Fenton-May (Mar 23)
- <Possible follow-ups>
- Re: otp - the next generation Elias Levy (Mar 23)
- Re: otp - the next generation Szilveszter Adam (Mar 23)