On Tue, Sep 09, 2003 at 04:22:19PM +0200, Rainer Gerhards wrote:
| It was in the media over here in Germany some days ago. It seems to be a
| fundamental flaw in the GSM design. AFIK, the attacker pretends to be a GSM
| base station and can receive the call via a cell handover. Using this
| technology, it would also possible to call "in the name of" (with the caller id
| of) any victim that comes close enough to the fake base station. It was said
| that the GSM providers do not really care because a) it would be to hard to set
| up the equipment and b) it would probably to expensive for the operators to fix
| this ;)
don't forget c) it's revenue, and if the thieves use it to pass their
bills for calling the most expensive countries on earth onto random
passers-by, its not the telco's problem, is it? They're using
"Industry standard" security.
This is like the (AT&T?) voice mail frauds that were costing people
thousands of dollars for choosing poor passwords for their voice
mail. Until it hits a certain level, its just revenue enhancement
through poor security.
Adam
--
"It is seldom that liberty of any kind is lost all at once."
-Hume
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
