GSM MoU Association Response to Cloning

29 December 2009. GSM A5 Files Published on Cryptome
21 April 1998
Thanks to RH
Date: Tue, 21 Apr 1998 06:24:09 -0500
To: jya@pipeline.com
From: RH
Subject: GSM MoU Association response

John:

I thought this might be of interest to you for possible posting. A friend
who works for Giesecke Devrient, (a German Smartcard manufacturer, among
other things), and who is generally reliable, sent it to me.


=================

Liebe Kollegen,
     
die MoU hat mit einer offiziellen Press Release geantwortet (Quelle: 
www.gsmworld.com)["gsmworld.com" defunct; try: www.gsmmou.org]
     
The GSM MoU Association Responds To Recent Claims Of Compromise To GSM 
Security 
     
The GSM MoU Association, which represents the world's GSM* network 
operators, regulators and administrative bodies from 109 
countries/areas of the world, has received reports from the US which 
claim that the security provided by the GSM SIM** card may have been 
compromised. 
     
The recent, unsubstantiated, reports concern the mathematical code 
(A3) used to provide authentication within the GSM smartcard. 
     
Charles Brookson, Chairman of the GSM MoU Association's Security Group 
said: "The Association's members have been aware of reported attempts 
to compromise this element of GSM security. It has been alleged that, 
through a long process of trial and error, an individual user's secret 
key code may be discovered." 
     
"It is important to stress that this would only be feasible where the 
hacker has the card in their physical possession. If achieved, it 
would only compromise that one card and it is not practical to achieve 
over the airwaves by eavesdropping, so GSM mobiles cannot be 'cloned' 
(copying the users identity) in the manner of analogue phones." 
     
"There is no significant breach of security here," added Brookson. 
"Compromising the A3 algorithm does not, in itself present a 
significant threat to GSM security overall." 
     
"Furthermore, the GSM algorithm the students are claiming to have 
broken is the example algorithm provided to our members for them to 
create their own individual version. 
     
"Our customers can be assured that GSM remains a secure technology 
with standards of security greater than any other mobile public 
network," said Brookson. 
     
- ends -
April 15, 1998 
     
For more information, please contact: 
     
Mark Smith Mary King Companycare Communications Ltd GSM MoU 
Association Tel: +44 118 958 2031 Tel: +353 1 269 5922 Fax: +44 118 959 
9595 Fax: +353 1 269 5958 Email: mark@companycare.com Email: 
marketing@gsmmou.org