Editing P2p mobile carriers (section)

= I know what you’re saying =

Not one, but '''multiple''' weaknesses have been found in phone encryption algorithms, they’ve literally been that bad [breaking-a1-3][snow-weaknesses][kasumi-attack]. Initially an algorithm called “A5/1” was used in 2G networks. The government produced a second version of it and named it “A5/2” - a '''deliberately weakened algorithm''' that made it easier to monitor communications. Researchers were able to break it within a month [a5-2], and today we’re all using an algorithm called “KASUMI” instead.

The communications industry has a long history of shutting out security researchers and ignoring problems until its too late. Case in point: look at A5/1. It was never officially published and had to be leaked to be studied [a5-1] because '''everyone knows that if you keep the details of your system a secret it means the system must be secure</sarcasm>.'''

Of course, the “security through obscurity” philosophy has been applied to other areas– most obviously in the authentication protocol that every phone on Earth runs. By convention, each operator is allowed to implement their own proprietary algorithms rather than relying on a standardised and battle-tested algorithm [carrier-milenage]. What could go wrong?

By the way, KASUMI still sucks [kasumi-attack][3g-4g-security], and its another reason why people shouldn’t roll their own crypto. What algorithm does the government use for voice encryption? It’s not KASUMI.

<span id="youll-never-catch-me-im-the-gingerbread-man"></span>