Path: utzoo!utgpu!watserv1!ria!uwovax.uwo.ca!telecom-request From: yarvin-norman@cs.yale.edu (Norman Yarvin) Newsgroups: comp.dcom.telecom Subject: Re: Houston Chronicle Cellular Fraud Story Message-ID: Date: 15 Mar 91 04:42:13 GMT Sender: Telecom@eecs.nwu.edu Organization: TELECOM Digest Lines: 31 Approved: Telecom@eecs.nwu.edu X-Submissions-To: telecom@eecs.nwu.edu X-Administrivia-To: telecom-request@eecs.nwu.edu X-Telecom-Digest: Volume 11, Issue 208, Message 2 of 14 edtjda@magic322.chron.com (Joe Abernathy) writes: > The industry is fighting back as if for its life. Yet the response > is scattershot, with some entrepreneurial cellular companies leaving > security lax for the sake of quick profits. The above paragraph contradicts itself blatantly. Abernathy presumably has access to Usenet, and is possibly computer-literate. Why then doesn't he include the critical fact that the insecurity of cellular phone systems which his article mentions can be completely eliminated by the simplest of security arrangements? (i.e. not just blindly accepting new ESNs) There are of course more sophisticated attacks. Once cellular companies turn off the automatic enabling of new ESNs, thieves may take to stealing ESNs off the air. Even this can be prevented, but only by adding encryption, which would obsolete existing phones. Media accounts that I have seen uniformly fail to properly represent the ephemeral nature of the structures that are violated in phone/computer crime. These are not physical systems, whose structure -- and whose security -- is severely limited by costs of materials. If they do not include watertight security, that is because they were designed or are operated in violation of some very simple principles. Having real security is a minor nuisance to all involved, but both the picking up pieces after fraud and the blocking of calls where fraud is rampant are major nuisances. The sooner these basic aspects of computer security become a part of our society's common knowledge, the better.