Prague, 15 April 1998 (RFE/RL) -- Computer security engineers in the United States say they have "cloned" a digital cellular telephone in a way that eventually could allow criminals to make free calls at the expense of legitimate users.
The researchers say the fault they found in the so-called GSM encryption system also suggests that the code was deliberately weakened to allow government surveillance of calls on digital mobile phones. The announcement has cast fresh doubts on claims by major telecommunication firms that their GSM services are tamperproof.
GSM is the world's most widely used encryption system for cellular telephones. About 80 million cellular phones currently rely on GSM encryption.
GSM also has been growing in importance in Central and Eastern Europe during the last five years. The European Bank for Reconstruction and Development (EBRD) says cellular phones have been vital to the development of business, because of long waiting times for access to landline-phone networks. Reports also suggest that GSM use has become common among organized crime syndicates in Central and Eastern Europe.
In Russia, GSM has been promoted by firms like US West Inc. as a safe alternative to the older analog mobile phones. The analog system has been attacked by computer hackers, who discovered a way to extract and "clone," or replicate, a caller's security code through the airwaves, while a call was being made. But, unlike the fault in the analog system, the GSM code crackers say they must first possess a GSM subscriber's phone in order to copy his identification code. They say the code can be taken from the so-called SIM card, a device shaped like a credit card inserted into a GSM phone that identifies each customer to the telephone company when they make a call.
David Wager, a 23-year-old graduate student at the University of California at Berkeley who helped crack the GSM code, says once a SIM card has been copied, its information can be stored on a computer or a simple hand-held electronic organizer. He said that when the computer is connected to a phone, the cellular network interprets the calls as being made by an authentic customer.
The New York Times says the most intriguing development is speculation that the GSM code may have been intentionally weakened to allow government agencies to eavesdrop on cellular telephone conversations. The key to the GSM code is a 64-bit encryption system that normally would be very difficult to decipher. But the researchers at Berkeley say they've discovered that the last ten digits of the code were all zeros.
Marc Briceno, director of a computer programmers' organization called the Smartcard Developers Association, says the weakened code could allow the powerful computers of national intelligence agencies quickly to decode a GSM conversation. Briceno says he can think of no other reason that the code would have been intentionally weakened.
The New York Times report says rumors are common within the computer industry about encryption designers, who have been persuaded or forced by government agencies to weaken communications security systems or to install secret 'backdoors' (access).
But, other than the recent hints of an intentionally weakened system, there has been little evidence to support speculation that the U.S. government has been involved in such efforts.
The New York Times quotes industry experts as saying that the GSM algorithms are thought to have originated in either Germany or France, rather than the United States, in 1986 or 1987. Nevertheless, details about the origins of the system remain hazy.
Meanwhile, executives in the cellular telephone industry say the newly discovered flaw in the GSM system actually reinforces their claims about the security of digital cellular phones.
George Schmidt, the president of the U.S. firm Omnipoint Communications, emphasized that there is not a way to extract GSM codes from the airwaves during use. Schmidt says the integrity of the GSM system has not been damaged and the GSM phone users are not at risk.
