Developers of the worlds most popular mobile phone standard will design their next set of security specifications in public, setting the stage for what experts predicted will be an effectively snoop-proof cell phone.
Although developers have yet to even choose which voice- and data-scrambling algorithm will be the successor to the widely criticized global system for mobile communications (GSM) standard, the result promises to be the best ever, some experts said, since activist cryptographers will be able to examine the regime and find flaws before it is installed in millions of handsets.
“What were seeing is a move towards openness in companies and groups providing technology thats used for infrastructure, especially things like the telephone system,” said Ian Goldberg, chief scientist at Zero-Knowledge Systems.
Goldberg, together with fellow cryptographers David Wagner and Marc Briceno, broke the COMP 128 algorithm used to prevent cloning of GSM handsets in April 1998. Since cloning lets hackers masquerade as other cell phone users, the crack meant the trio had, in theory at least, the ability to listen to any conversation that took place over the targeted phone.
Phone industry officials scoffed at the claim, saying the attack would not work under real-world conditions because it required, among other things, physical access to the “smart card” inserted into targeted phones.
Still, the attack left no doubt that cryptographers were closing in on breaking an algorithm that had been developed in secret. Had the standard been done in the open, experts said, public scrutiny would surely have uncovered the flaw before it went out to consumers.
Janos A. Csirik, a mathematician at AT&T Labs-Research, is monitoring the progress of the work on the standard. At this point, he said, theres no telling how good the new 3rd Generation Partnership Project security will be when completed. Nonetheless, he predicted wide and active interest in the project.