NEWS RELEASE, 3/19/97 Flaw found in cellphone encryption; algorithm for digital telephones fails under simple cryptanalysis

by Robert Sanders

Berkeley -- Researchers have discovered a flaw in the privacy protection in today's most advanced digital cellular phones, pointing to serious problems in the closed-door process used to develop these privacy measures. This discovery is a setback to the U.S. cellular telephone industry, said Bruce Schneier of Counterpane Systems, a Minneapolis, Minn., consulting firm specializing in cryptography. The attack can be carried out in a few minutes on a conventional personal computer. Schneier and John Kelsey of Counterpane Systems, along with graduate student David Wagner of the University of California at Berkeley, plan to publish their analysis in a paper entitled "Cryptanalysis of the Cellular Message Encryption Algorithm (CMEA)." Wagner is a founding member of the ISAAC (Internet Security, Applications, Authentication and Cryptography) computer security research group at UC Berkeley. In the fall of 1995 the ISAAC group, led by assistant professor of computer science Eric Brewer, made headlines by revealing a major security flaw in Netscape's web browser. The House of Representatives' Subcommittee on Courts and Intellectual Property is scheduled to hold hearings Thursday (3/20) on Rep. Robert Goodlatte's (R-VA) "SAFE" (Security And Freedom through Encryption) bill, HR 695, which would amend title 18 of the United States Code to affirm the rights of United States citizens to use and sell encryption and to relax export controls on encryption. The cellphone problem affects numbers dialed on the keypad of a cellular handset, including any telephone, PIN, or credit card numbers dialed. The new security system was supposed to protect the privacy of these dialed digits, but the encryption is weak enough that the digits are accessible to eavesdroppers with a digital scanner. The cryptographers blame the closed-door design process and excessive pressure from U.S. military interests for problems with the privacy standard. The cellular industry has attempted to balance these national security pressures with consumer privacy concerns. The new framework for protecting the next generation of cellular phones was designed privately by the cellular standards arm of the Telecommunications Industry Association (TIA) in an attempt to eliminate recurring security problems. The system uses encryption to prevent fraud, scramble voice communications, and protect users' privacy. The new protections are being deployed in today's digital cellphones, including CDMA, NAMPS and TDMA. As early as 1992, others -- including noted expert Whitfield Diffie -- pointed out fatal flaws in the new standard's voice privacy features. The two flaws provide a crucial lesson for policymakers and consumers, the researchers said. According to UC Berkeley's Wagner, these weaknesses are symptomatic of broad underlying problems in the design process. This is not the first report of security flaws in cellular telephony. Today, most cellular phone calls can be intercepted by anyone in the area listening to a scanner, as House Speaker Newt Gingrich learned this past January when someone with a scanner recorded one of his cellular calls. According to Federal Communications Commission estimates, the cellular telephony industry lost more than $400 million to fraud and security problems last year. CMEA is a symmetric cipher, like the Digital Encryption Standard (DES). It uses a 64-bit key, but weaknesses in the algorithm reduce the key to an effective length of 24 or 32 bits, significantly shorter than even the weak keys which the U.S. government allows for export. Greg Rose, program chair of the 1996 USENIX Security Symposium, put the results in context: "This break does not weaken the digital cellular fraud protections. And it's still true that digital cellular systems are much harder to casually eavesdrop on than analog phones. But it's clear from this break that a determined criminal with technical resources can intercept these systems." Counterpane Systems is a consulting firm based in Minneapolis, specializing in cryptography and computer security. Schneier is president of Counterpane and author of three books on cryptography and security. ### Bruce Schneier can be reached at 612-823-1098 or schneier@counterpane.com. David Wagner can be reached at 510-643-9435 or daw@cs.berkeley.edu. Or contact Lori Sinton, Jump Start Communications, 415-938-2234, lsinton@aol.com.