wifi and security?

TM is coming out with phone devices that can transition from tower to wifi
access point. I wonder what kind of security in involved in the phone to
prevent:

- phone id (number, etc) theft

- interception and decoding of the call

Unless I learn more about the wifi security, I'll trust the tower over
wifi.

Scott

In article <46a0d5cd$0$494$b45e6eb0@senator-bedfellow.mit.edu>, Scott
Ehrlich <scott@mit.edu> wrote:

> TM is coming out with phone devices that can transition from tower to wifi
> access point. I wonder what kind of security in involved in the phone to
> prevent:

This is called T-Mobile@home. I'm not sure when it hits retail. And
you'll have to have a capable phone to do it (and there aren't too many
at the moment).

The idea is that if you have crappy reception at home, you can use your
wireless network to do VOIP. TMO will try to sell you their router, but
you don't need it.

At 20 Jul 2007 15:33:33 +0000 Scott Ehrlich wrote:
>
> TM is coming out with phone devices that can transition from tower to
wifi
> access point.

It's already here. Beta testing started in Seattle last fall, nationwide
launch was June 27th: two days before the iPhone was released. Wonder
why we didn't hear anything about T-Mo's new service? ;-)

> I wonder what kind of security in involved in the phone to
> prevent:
>
> - phone id (number, etc) theft
>
> - interception and decoding of the call
>
> Unless I learn more about the wifi security, I'll trust the tower over
> wifi.
>

I'm no expert on this, so if I muck it up, I apologise. The new service
isn't VoIP like Skype or Vonage, but is "UMA" or "Unlicensed Mobile
Access." From what I understand, it's essentially "GSM over IP"- meaning
the same data packets that would normally run tower to phone and vice
versa are what's travelling over the internet to/from T-Moble. This
supposedly means UMA should have the same inherent security as a regular
tower-based call. This also, from what I understand, is what allows the
seamless handoffs between GSM and Wi-Fi (and vice versa)- the Wi-Fi
connection is shoveling the same type of data traffic, so from the phone
(and T-Mo's) point of view, the handoff is no different than a handoff
between two cell towers.



--
Posted via a free Usenet account from http://www.teranews.com

At 20 Jul 2007 21:07:05 -0700 Randall Ainsworth wrote:

> This is called T-Mobile@home. I'm not sure when it hits retail.

Sorry to nitpick (because I often call it T-Mo@Home as well!) but it's
actually called "Hotspots@Home." It launched nationwide at the end of
June.


> And
> you'll have to have a capable phone to do it (and there aren't too many
> at the moment).


Only two- a Samsung and a Nokia. More will follow. I'm not interested
until they have one that can authenticate onto a wi-fi network through
the phone browser (to use it in hotel wi-fi systems that generally
require you to log-in or at least agree to a T&C page before being
granted access.


> The idea is that if you have crappy reception at home, you can use your
> wireless network to do VOIP.

Sort of- in addition to that, you can get unlimited wi-fi calling for
$10/month (on top of your regular voice plan) if you choose (the idea
being that you could drop your landline service and just have one phone
if you have unlimited "cellular" minutes at home. An important point to
add here (addressed in my prior post) is that this is NOT technically VoIP,
but GSM over the internet, to allow a seamless transfer betwen wi-fi and
GSM towers during a call.

> TMO will try to sell you their router, but
> you don't need it.

The router is free after rebate and while the phones will work with any
router, you should probably use T-Mo's for two reasons- first, it
prioritizes traffic for call quality, but more importantly it supports a
special non-standard communications mode that conserves battery power on
the handset- the wi-fi on the handset essentially gets to go to sleep
until the router tells it to wake up for an incoming call or when it's
about to go out of range. This
prevents the need for the constant, battery-draining, "are you still
there," "yes, I'm still here" chatter between routers and typical wi-fi
devices when not actively transferring data.



--
Posted via a free Usenet account from http://www.teranews.com

In message <46a0d5cd$0$494$b45e6eb0@senator-bedfellow.mit.edu>
scott@mit.edu (Scott Ehrlich) wrote:

>TM is coming out with phone devices that can transition from tower to wifi
>access point. I wonder what kind of security in involved in the phone to
>prevent:
>
>- phone id (number, etc) theft
>
>- interception and decoding of the call

Probably exactly the same as is used in tower based communications. Just
a thought though.

--
If quitters never win, and winners never quit,
what fool came up with, "Quit while you're ahead"?

In article <ftm4a39frmjr6u84dfvkngbp90s0oa689a@4ax.com>,
DevilsPGD <spam_narf_spam@crazyhat.net> wrote:
>In message <46a0d5cd$0$494$b45e6eb0@senator-bedfellow.mit.edu>
>scott@mit.edu (Scott Ehrlich) wrote:
>
>>TM is coming out with phone devices that can transition from tower to wifi
>>access point. I wonder what kind of security in involved in the phone to
>>prevent:
>>
>>- phone id (number, etc) theft
>>
>>- interception and decoding of the call
>
>Probably exactly the same as is used in tower based communications. Just
>a thought though.
>

I think you are missing the point... voice to the tower is more difficult
to intercept (less people wiretapping the tower) than a wireless/wired
network. Thus, with more people listening on the same wireless/wired
network, more chance of rogue interception of a call on the network.
Thus, what kind of security is put into place from the phone itself on the
wifi/wired network?

Scott

On 2007-07-21, Scott Ehrlich <scott@mit.edu> wrote:

> I think you are missing the point... voice to the tower is more difficult
> to intercept (less people wiretapping the tower) than a wireless/wired
> network. Thus, with more people listening on the same wireless/wired
> network, more chance of rogue interception of a call on the network.
> Thus, what kind of security is put into place from the phone itself on the
> wifi/wired network?

Since it's GSM over IP, not VoIP, I would expect that whatever security/
encryption is done on normal GSM conversations would still apply...

In article <slrnfa5069.sl6.sjsobol@amethyst.justthe.net>,
Steve Sobol <sjsobol@JustThe.net> wrote:
>On 2007-07-21, Scott Ehrlich <scott@mit.edu> wrote:
>
>> I think you are missing the point... voice to the tower is more difficult
>> to intercept (less people wiretapping the tower) than a wireless/wired
>> network. Thus, with more people listening on the same wireless/wired
>> network, more chance of rogue interception of a call on the network.
>> Thus, what kind of security is put into place from the phone itself on the
>> wifi/wired network?
>
>Since it's GSM over IP, not VoIP, I would expect that whatever security/
>encryption is done on normal GSM conversations would still apply...
>


From what I've read, it appears that GSM security/encryption isn't all
that great.

We'll see how security plays out on the wifi side as time goes on...

Scott

At 21 Jul 2007 21:53:44 +0000 Scott Ehrlich wrote:

> From what I've read, it appears that GSM security/encryption isn't all
> that great.


That's apparently true- however since you seemed comfortable with it (I
believe you said something about "sticking with towers" rather than wi-
fi, I was just pointing out that wi-fi should be just as secure (or
insecre) as the GSM network.


> We'll see how security plays out on the wifi side as time goes on...

I suspect that unless you're Jack Bauer it'll be "good enough."


--
Posted via a free Usenet account from http://www.teranews.com