What this means is that cell phone rustlers can now scan the airwaves, remotely tap into a call and even duplicate the cell phone's digital ID at will. As Marc Briceno, who organized the code-cracking, puts it: "We can clone the phones." What was the crypto technology's fatal weakness? Too much secrecy.
Security expert Bruce Schneier, author of Applied Cryptography, says the encryption algorithm used in the phones was pitifully weak because it was designed in secret. "Too many organizations equate secrecy with security," he says. "Relying on secrecy is always a mistake... If they went to me as a consultant I'd say, 'Don't be an idiot. Let's make this public.'" In other words, manufacturers should stick to publicly vetted codes that a bunch of bored geeks can't crack in their spare time.