Interesting People mailing list archives
IP: Cell Phone insecurity -- RE: Security Czar Points Finger of Blame (should beat Governments)
From: Dave Farber <dave () farber net>
Date: Sat, 03 Aug 2002 12:09:15 -0400
------ Forwarded Message
From: "the terminal of Geoff Goodfellow" <geoff () iconia com>
Date: Sat, 3 Aug 2002 17:55:16 +0200
To: <farber () cis upenn edu>
Subject: Cell Phone insecurity -- RE: Security Czar Points Finger of Blame (should beat Governments)

Re: Cell phone insecurity (vs. email, the internet, etc.)

i can speak from ground zero regarding the history and lack of cell phone insecurity. i was there, in the early 80's, in a non-smoke filled room at the EIA headquarters in Washington DC, trying to fix the problem before it became one.

I will never forget that day. I was on the TR-45.2 committee dealing with "back end" issues such as automatic roaming at the time. I was told (in)security issues needed to be addressed by the TR-45.1 air interface "front end" committee.

So, on the day of presentation of the insecurity issues to the TR-45.1 group, I'll never forget how i was told (along with colleague Bob Jesse) or rather scolded, by the AT&T's rep (Jerry Baker if i recall correctly) that it was not to be a problem! The rep from Ericsson suggested we should re-arrange (scramble) the digits around to make it more difficult!! Use strong encryption? Naaaaah. Forget it!

The TR-45.1 committee just didn't see security as being a problem or an issue worth trifling with -- thinking that the IS-3 CELLULAR SYSTEM MOBILE STATION - LAND STATION COMPATIBILITY SPECIFICATION as it was known at the time -- was just fine with its Electronic Serial Number (ESN) security and the spec surely didn't need to be changed for the sake of "better security".

Astute colleagues Robert Jesse and Andrew Lamothe and I were just flabbergasted by the naivete and just plain uncaring attitude of The Big Equipment Vendors who were committed to burden their customers, the cellular carriers, with future multi-zillion dollar loss exposure from FRAUD!

As a result of the total disinterest on the part of EIA TR-45.1 Big Vendors, we 3 set about to do what just about anyone does when their logic and reasoning is ignored in private -- you go public!

As a result, we co-authored the first article on the lack of cell phone security -- November 1985 -- which i just found via Google:

THE ELECTRONIC SERIAL NUMBER: A CELLULAR 'SIEVE'? 'SPOOFERS' CAN DEFRAUD USERS AND CARRIERS
http://mirror.lcs.mit.edu/telecom-archives/archives/cellular/cellular.sieve

It looks at the history of the lack of security in mobile telephony and how we predicted, when it was written in 1985, that cellular would be no more secure than its predecessors. Furthermore, we proposed what Should Be Done to nip the coming problem in the proverbial bud.

I'm sad to say it fell on deaf ears or went right over the heads of the industry at the time. No one did anything and the rest, as they say, is history!

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
geoff.goodfellow () iconia com * Prague - CZ * telephone +420 603 706 558
"success is getting what you want & happiness is wanting what you get"
http://www.nytimes.com/library/tech/99/01/biztech/articles/17drop.html
http://www.tapsns.com/members-bio/geoff-goodfellow.shtml

-----Original Message-----
From: owner-ip-sub-1 () admin listbox com [mailto:owner-ip-sub-1 () admin listbox com]On Behalf Of Dave Farber
Sent: Saturday, August 03, 2002 4:10 PM
To: ip
Subject: IP: Security Czar Points Finger of Blame (should beat Governments)

For years, many of us have been fighting the GovernmentS desire to restrict cryptography endlessly warning them that the inability to use strong encryption (or in some places any) weakens the security of the electronic world. Yet endlessly we have seen attempts to control the use of cryptography or so weaken it as to be ineffective.

Our cell phones are insecure, our email is insecure and worse our internet is painfully insecure. Our computer systems and their software are so insecure as to be laughable.

I only hope Clarke can change that attitude but I doubt it. The position of law enforcement has been and will, I suspect remain, that strong encryption and secure systems makes it hard to catch crooks so we will all continue to live in cyber-houses without locks and suffer.

Dave

------ End of Forwarded Message

For archives see: http://www.interesting-people.org/archives/interesting-people/