Clone for the Holidays

  • Share
  • Read Later
Just when you thought your new black-slab digital cell phone was safe from high-tech thieves hell-bent on calling Kuala Lumpur, a group of Silicon Valley cypherpunks have broken the proprietary encryption technology used in 80 million GSM (Global System for Mobile communications) phones nationwide, including Motorola MicroTAC, Ericsson GSM 900 and Siemens D1900 models.

What this means is that cell phone rustlers can now scan the airwaves, remotely tap into a call and even duplicate the cell phone's digital ID at will. As Marc Briceno, who organized the code-cracking, puts it: "We can clone the phones." What was the crypto technology's fatal weakness? Too much secrecy.

Security expert Bruce Schneier, author of Applied Cryptography, says the encryption algorithm used in the phones was pitifully weak because it was designed in secret. "Too many organizations equate secrecy with security," he says. "Relying on secrecy is always a mistake... If they went to me as a consultant I'd say, 'Don't be an idiot. Let's make this public.'" In other words, manufacturers should stick to publicly vetted codes that a bunch of bored geeks can't crack in their spare time.