Norway mobile network requires update - telecoms authority / News / The Foreigner

Norway mobile network requires update - telecoms authority. Implementing total anti-eavesdropping measures is currently impossible, but partially hindering certain types of spying is not a run race. The Oslo IMSI Catcher affair also shows a lack of understanding of the entire issue, security experts tell The Foreigner. “Norway’s mobile network has the highest encryption strength possible”, says Norwegian Communications Authority (NKOM) Director of Networks Department Einar Lunde, “but it will never be completely secure.” “This is because the GSM (Global System for Mobile Communications) standard is 25 years old. There are still inherent weaknesses in the system.”

spying, imsi, mobiles, politics, espionage, surveillance, paywall



The Foreigner Logo

The Foreigner is an online publication for English speakers living or who have an interest in Norway. Whether it’s a glimpse of news or entertainment you’re after, there’s no need to leave your linguistic armchair. You don’t need to cry over the demise of the English pages of Aftenposten.no, The Foreigner is here!

Norske nyheter på engelsk fra Norge. The Foreigner er en engelskspråklig internett avis for de som bor eller som er interessert i Norge.

Google+ Google+ Twitter Facebook RSS RSS



News Article

LATEST:

Norway mobile network requires update - telecoms authority

Published on Monday, 12th January, 2015 at 20:05 under the news category, by Michael Sandelson   .

Implementing total anti-eavesdropping measures is currently impossible, but partially hindering certain types of spying is not a run race. The Oslo IMSI Catcher affair also shows a lack of understanding of the entire issue, security experts tell The Foreigner.

Mobile base station (BTS)
A base transceiver station (BTS) is a piece of equipment that facilitates wireless communication between user equipment (UE) and a networkMobile base station (BTS)
Photo: Fsaeed1975/Wikimedia Commons


“Norway’s mobile network has the highest encryption strength possible”, says Norwegian Communications Authority (NKOM) Director of Networks Department Einar Lunde, “but it will never be completely secure.”

“This is because the GSM (Global System for Mobile Communications) standard is 25 years old. There are still inherent weaknesses in the system.”

Signal coverage, saturation, and other technological impediments are also part of the issue.

“For example, some mobile operators abroad and mobile manufacturers still use the lowest level of security in 2G. The Norwegian network has to be able to provide service to these customers, and the only way of 3G and 4G phones having as much coverage as possible is by being using this technology.

Using so-termed AES-256 bit encryption technology is not possible on the network. Not only is the technological infrastructure unsuited to this, but “you’d need huge amounts of processing capacity and powerful equipment to be able to do this,” explains Kim Schliekelmann, managing director of security specialists Seccom.

It is also impossible to prevent certain equipment from forcing mobiles down to 2G, which is the least secure because it only uses one-step verification and the simplest encryption standard.

The only verification required in this case is by the network, and the encryption can easily be broken.

“We’re currently looking into whether it’s technologically possible to introduce full two-step verification, both network and GSM standard-wide. 3G, 4G, and future 5G require the mobile to verify the network, and vice versa,” says NKOM’s Einar Lunde.

There are several other issues involved when it comes to anti-StingRay (man-in-the-middle) attacks, however, according to Seccom’s Kim Schliekelmann.

“Certain fake base stations can take over the mobile and tell it to turn encryption off, but there are also many operators in other countries that do not use the encryption standard implemented in GSM at all. They even turn it off at peak times such as Christmas to increase capacity.”

The current security concern discussion is not taking the whole issue into account either, says Mr Schliekelmann.

“And it’s not just about the encryption strength, either. The radio link communication between the cell phone and the base station (known as air interface) can have the highest encryption possible, but speech in the operators’ network is always transmitted as plain text,” he concludes.




Published on Monday, 12th January, 2015 at 20:05 under the news category, by Michael Sandelson   .

This post has the following tags: spying, imsi, mobiles, politics, espionage, surveillance, paywall.





  
Do NOT follow this link or you will be banned from the site!