The doghouse: GSM Association
It turns my stomach to see how antiquatedly defensive and counter-productive is the GSM Association's response to the recent cracking of GSM encryption:
Using the codebook, a "beefy gaming computer and $3,000 worth of radio equipment" would allow anyone to decrypt signals from the billions of GSM users around the world, he said.It looks like GSMA has a mindset stuck in 1995, completely failing to notice the evolution of security attitudes that happened in the software industry. They employ the classic approach of (1) shoot the messenger, (2) downplay the problem, (3) claim they're "working" on a solution:
Signals could be decrypted in "real time" with $30,000 worth of equipment, Mr Nohl added.
The GSM Association (GSMA), which devised the algorithm and oversees development of the standard, said Mr Nohl's work would be "highly illegal" in the UK and many other countries.Security research should not be illegal anywhere, and the proper response to a vulnerability is to fix it. Immediately; not at some convenient time, far in the future.
[T]he GSMA dismissed the worries, saying that "reports of an imminent GSM eavesdropping capability" were "common".
It said that there had been "a number" of academic papers outlining how A5/1 could be compromised but "none to date have led to a practical attack".
The association said that it had already outlined a proposal to upgrade A5/1 to a new standard known as A5/3 which was currently being "phased in".
"All in all, we consider this research, which appears to be motivated in part by commercial considerations, to be a long way from being a practical attack on GSM," the spokeswoman said.