Tuesday, July 10, 2007

Wait, Are You Talking to Me on a Cellular Phone?

(You probably remember that classic line from Pulp Fiction.)

I was reminded of Lance's annoyance with Vincent by a fascinating article on IEEE's Spectrum Online, which describes how Greece's cell phone system was severely compromised a few years ago. Details are still emerging, although the basic story has been out for a while. Apparently, someone with access to the central switch computers at the phone company added modifications to the system software. These modifications allowed all calls made on some specific phones to be copied, in effect, to other phones. It appears that quite a few government officials' phone conversations were thus available to a third party, probably for about a year.

John Markoff has a short summary, for those less interested in the details, but the full article is well worth reading, both for the historical and technical aspects. One particularly fascinating bit:

Modern GSM systems, such as Vodafone's, secure the wireless links with a sophisticated encryption mechanism. A call to another cellphone will be re-encrypted between the remote cellphone and its closest base station, but it is not protected while it transits the provider's core network.

Clearly, this decryption and re-encryption is in place to support phone tapping in general. Presumably, this is sometimes a legitimate thing to do.

Political snark aside, I also recommend the full article for its examination of the issues involved once the intrusion was detected. Many have criticized Vodaphone's immediate responses. On the other hand, there were clear desires to keep the system running and to secure the phones belonging to the Prime Minister, et al. The authors argue that a tendency to look for scapegoats in cases like this tends to worry the potentially liable party -- the phone company, in this case -- about fallout, and thus, motivates it to reach for quick fixes. The fixes in this case alerted the crooks and also destroyed much of the forensic data.

The authors' point of view here is a bit blue-sky, but their stance is nonetheless well worth considering. Given how everything is increasingly implemented through software these days, and given that the software is ever more complex, the creation of the software is ever more distributed, and connections between systems are ever more networked, we're in a position of truly all being in this together. I'm not saying we should completely do away with accountability, but I agree with their basic thesis that we need to evolve to a cooperative attitude of solving problems, rather than concentrating on finding someone to blame.

Of course, there is that problem about human beings evolving.

No comments:

ShareThis