The first GSM standard was published in 1989 [10], fully two decades ago. Since then, cryptanalysis has weakened or broken significant parts of the original specification. Yet many of these compromised pieces remain in common use, particularly throughout the developing world.rnThis state of affairs presents a significant risk given the recent proliferation of high visibility and high value targets within the branchless banking space in the developing world such as M-PESA, GCASH, mChek, and Zap, each of which makes use of SIM Toolkit (STK) security measures, but in an obfuscated manner.rnThis paper will present an overview of recent developments in GSM security and outline the need for increased cooperation and standardization in the face of rapidly eroding security measures currently in place for 2G GSM.
展开▼