Cellular Telephone Industry Response
Encryption of Digital Wireless Phones
Today, a group of professional and academic cryptographers will announce that it has "discovered a flaw in the privacy protection used in today's most advanced digital cellular phones." Following is a set of questions and answers that arise from that announcement.
Q. Does this mean that eavesdroppers can listen in on my phone calls?
A. No. The encryption discussed by the researchers involves the algorithm used to encrypt numbers punched on the keypad of a phone, not the algorithm used to encrypt voice transmissions.
Q. Is it easy to break this keypad number code?
A. Not at this time. It involves very sophisticated cryptological knowledge. The digital encryption system now in use is designed to inhibit interception by the unsophisticated. Any technology developed by one person can be broken by another with the application of sufficient technology. This announced attack requires multiple minutes—up to hours—of high speed computer processing to break a coded message.
Q. What is the impact of this announcement on people who now use wireless phones?
A. Virtually none. Approximately 95 percent of the wireless phones now being used are analog phones, not digital phones. The possible impact of this announcement is only relevant to some digital phones that are now being introduced to the market.
Q. Why didn't the wireless phone industry develop phones that have unbreakable security?
A. Standards for phone technology are developed within the confines of federal regulations and the realities of the marketplace. A wireless phone is a consumer product, not a spy v. spy technology adequate for national security. Such a unit would have cost, battery life and call set-up times which would make it unacceptable to consumers.
Q. Does this announcement have any impact on the industry's efforts to stop phone cloning?
A. No. During the past year, the industry has been very successful in introducing new technologies that prevent phone cloning. These authentication and "fingerprinting" technologies operate differently and are not compromised by the cryptography announced today.
Q. What is the industry doing about this problem?
A. Tom Wheeler, the president and CEO of CTIA, testified before Congress on February 5, about the need to strengthen the laws protecting the security of wireless phone calls. It is currently illegal to intentionally intercept a wireless phone call. Unfortunately, whereas federal law prohibits the sale and manufacture of devices designed to eavesdrop on wireless calls, it does not extend the prohibition to cordless phones and the newer digital frequencies. In regard to today's announcement, Wheeler said, "This is the horse nudging at the barn door and it is time to act before the horse is gone completely."
CTIA is the international association for the wireless telecommunication industry. It represents more PCS and cellular carriers than any other association in the world.
INTERNET USERS. News about the wireless telecommunications industry is updated several times each day on CTIA's World Wide Web site (http://www.wow-com.com). CTIA news releases and other information also are available an WOW-COM.
NOTE: The cryptography researchers are Bruce Schneier, Counterpane Systems, 612-823-1098; Robert Sanders, University of California, Berkeley, 510-643-6998; David Wagner, University of California, Berkeley, 510-643-9435; and Lori Sinton, Jump Start Communications, 415-938-2234.
CONTACT: For more information, please contact Tim Ayers, 202-736-3203, or Jeffrey Nelson, 202-736-3207, both of CTIA.
Photo of Bruce Schneier by Per Ervland.
Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.