29 December 2009. GSM A5 Files Published on Cryptome
21 April 1998
Thanks to RH
Date: Tue, 21 Apr 1998 06:24:09 -0500 To: jya@pipeline.com From: RH Subject: GSM MoU Association response John: I thought this might be of interest to you for possible posting. A friend who works for Giesecke Devrient, (a German Smartcard manufacturer, among other things), and who is generally reliable, sent it to me. ================= Liebe Kollegen, die MoU hat mit einer offiziellen Press Release geantwortet (Quelle: www.gsmworld.com)["gsmworld.com" defunct; try: www.gsmmou.org] The GSM MoU Association Responds To Recent Claims Of Compromise To GSM Security The GSM MoU Association, which represents the world's GSM* network operators, regulators and administrative bodies from 109 countries/areas of the world, has received reports from the US which claim that the security provided by the GSM SIM** card may have been compromised. The recent, unsubstantiated, reports concern the mathematical code (A3) used to provide authentication within the GSM smartcard. Charles Brookson, Chairman of the GSM MoU Association's Security Group said: "The Association's members have been aware of reported attempts to compromise this element of GSM security. It has been alleged that, through a long process of trial and error, an individual user's secret key code may be discovered." "It is important to stress that this would only be feasible where the hacker has the card in their physical possession. If achieved, it would only compromise that one card and it is not practical to achieve over the airwaves by eavesdropping, so GSM mobiles cannot be 'cloned' (copying the users identity) in the manner of analogue phones." "There is no significant breach of security here," added Brookson. "Compromising the A3 algorithm does not, in itself present a significant threat to GSM security overall." "Furthermore, the GSM algorithm the students are claiming to have broken is the example algorithm provided to our members for them to create their own individual version. "Our customers can be assured that GSM remains a secure technology with standards of security greater than any other mobile public network," said Brookson. - ends - April 15, 1998 For more information, please contact: Mark Smith Mary King Companycare Communications Ltd GSM MoU Association Tel: +44 118 958 2031 Tel: +353 1 269 5922 Fax: +44 118 959 9595 Fax: +353 1 269 5958 Email: mark@companycare.com Email: marketing@gsmmou.org