1998-04-13 - Re: GSM cellphones cloned

Header Data

From: David Honig <honig@alum.mit.edu>
To: John Young <cypherpunks@toad.com>
Message Hash: 8d113922f7b6d19861213be4d6f04d7db53c7d02713af0437c5c9680d7d599cc
Message ID: <3.0.5.32.19980413132949.007c3100@otc.net>
Reply To: <v04003a05b157e6c52077@[139.167.130.246]>
UTC Datetime: 1998-04-13 20:29:36 UTC
Raw Date: Mon, 13 Apr 1998 13:29:36 -0700 (PDT)

Raw message

From: David Honig <honig@alum.mit.edu>
Date: Mon, 13 Apr 1998 13:29:36 -0700 (PDT)
To: John Young <cypherpunks@toad.com>
Subject: Re: GSM cellphones cloned
In-Reply-To: <v04003a05b157e6c52077@[139.167.130.246]>
Message-ID: <3.0.5.32.19980413132949.007c3100@otc.net>
MIME-Version: 1.0
Content-Type: text/plain


At 02:30 PM 4/13/98 -0400, John Young wrote:
>>Congrats to Lucky, and Ian, and Dave.

JY is referring to: 

http://dailynews.yahoo.com/headlines/technology/wired/story.html?s=z/reuters/980413/wired/stories/security_4.html


Monday April 13 3:11 PM EDT 

Experts crack digital cell-phone security system

By Annaliza Savage 

SAN FRANCISCO (Wired) - A group of California-based computer experts claims to have cracked the cryptographic security behind the world's most popular digital cell-phone system, making it possible to clone any phone using the GSM standard.

The Smartcard Developer Association (http://www.scard.org) says it found the algorithm used as the basis for the Group Special Mobile (GSM) -- a digital cellular phone system that is used in about 80 million cell phones, primarily in Europe and Asia. Many U.S. networks are starting to implement GSM standards, too, and this attack was launched against a card issued by Pacific Bell. If the group's claims are true, it could lead to a recall or reissue of the smart cards used in GSM-based phones.

"GSM is likely to face fraud problems of the same magnitude as analog systems have had," said Marc Briceno, a member of the SDA who said that analog systems have lost billions of dollars because of cellular phone cloning.

GSM-based cell phones work with a small card containing an electronic chip called a Subscriber Identity Module card. The SIM card inserts into the back of the cellular phone and contains information that is used to identify subscribers and their account information to the GSM network. The SIM card must be inserted into a GSM Mobile handset to obtain access to the network, and one of the primary benefits of the technology is that cell phones have access to GSM networks worldwide.

However, to clone a SIM card, a would-be cracker would have to have physical possession of one. Unlike the cloning used in analog systems, the crack does not yet include being able to listen in on phone calls or obtain a SIM ID via the airwaves, although the SDA has stated that an "over-the-air attack should not be ruled out."

The SIM uses encryption to keep the identity of the phone secret, and the encryption algorithm used on most of the GSM network is called COMP128. The SDA was able to obtain the secret ciphers used by the GSM network. After verifying authenticity, the group turned them over to U.C. Berkeley researchers David Wagner and Ian Goldberg, who were able to crack the COMP128 algorithm within a day.

In 1995, Wagner and Goldberg succeeded in another high-profile hack when they compromised the crypto code used in Netscape's Navigator browser, which was supposed to secure credit-card transactions.

"Within hours they discovered a fatal flaw," said Briceno. "The attack that we have done is based on sending a large number of challenges to the authorization module in the phone. The key can be deduced and recovered in about 10 hours."

A group of hackers gathered with security and crypto experts Friday evening at a San Francisco hacker club called New Hack City, for a demonstration of the hack, but it never came off. Eric Hughes, a member of the SDA and founder of the Cypherpunks cryptography group, discussed the technical aspects of the hack, but had to give up the planned demonstration after threats of legal action from Pac Bell and other telephone company executives.

It is illegal in the United States to possess cellular phone cloning equipment, although legitimate businesses are exempted. The telephone companies dispute SDA's claims to legitimacy.

Wagner blames the ease of the crack on the secrecy with which the ciphers were kept.

"There is no way that we would have been able to break the cryptography so quickly if the design had been subjected to public scrutiny," said Wagner.

The GSM standard was developed and designed by the European Telecommunications Standard Institute, an organization that has about 500 members from 33 countries, representing administrations, network operators, manufacturers, service providers, and users.

"There's going to be an orgy of finger pointing," said Hughes, referring to all the engineers and other people associated with the design of the GSM network.

The SDA say that they were able to crack the GSM network algorithm due to weak encryption in the original design. When the system was being designed, several European government agencies were successful in their demands to weaken encryption standards for government surveillance purposes.

The SDA also claimed that the GSM security cipher that keeps eavesdroppers from listening to a conversation, called A5, was also made deliberately weaker. The A5 cipher uses a 64-bit key, but only 54 of the bits are actually in use -- 10 of the bits have been replaced with zeroes. The SDA's Briceno blames government interference.

"The only party who has an interest in weakening voice privacy is the National Security Agency," he said.

The SDA said that a proper demo will be taking place soon from somewhere outside the United States. The group has also released the source code for COMP128 and A5 for further testing. (Reuters/Wired)


------------------------------------------------------------
      David Honig                   Orbit Technology
     honig@otc.net                  Intaanetto Jigyoubu

	Why is the CIA so full of spies? 
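The article describes the attack as "sending a large number of challenges to the authorization module in the phone" until the key can be deduced. The following is an added example, not code from the message or from the SDA, that models the shape of that SIM challenge-response exchange from the defender's side: the network issues a random challenge, the card answers from its secret key, and the network checks the answer. The real A3/A8 algorithm (COMP128 in the article) is replaced here by HMAC-SHA256 purely as a stand-in, and the per-card challenge budget that locks the card after a fixed number of queries is a hypothetical mitigation chosen to show why an unbounded on-card oracle is the risk; neither is GSM code.

```python
import hashlib
import hmac
import secrets

# Constructed example: a toy model of the GSM SIM challenge-response flow.
# A real SIM runs A3/A8 (COMP128 in the article) over the subscriber key Ki
# and a 16-byte challenge RAND, returning a 4-byte SRES and an 8-byte Kc.
# ASSUMPTION: the algorithm is replaced by HMAC-SHA256; this is NOT GSM code.

RAND_LEN = 16   # GSM RAND is 128 bits
SRES_LEN = 4    # GSM SRES is 32 bits
KC_LEN = 8      # GSM Kc is 64 bits


def a3a8(ki: bytes, rand: bytes) -> tuple[bytes, bytes]:
    """Stand-in for the SIM's authentication/key-agreement algorithm."""
    if len(rand) != RAND_LEN:
        raise ValueError("RAND must be 16 bytes")
    digest = hmac.new(ki, rand, hashlib.sha256).digest()
    return digest[:SRES_LEN], digest[SRES_LEN:SRES_LEN + KC_LEN]


class SimCard:
    """The 'authorization module in the phone': answers challenges using Ki.

    challenge_budget is a HYPOTHETICAL per-card counter that locks the card
    once too many challenges have been answered, so that someone holding the
    card cannot feed it the 'large number of challenges' the article mentions.
    """

    def __init__(self, ki: bytes, challenge_budget: int) -> None:
        self._ki = ki               # never leaves the card
        self.remaining = challenge_budget

    def run_gsm_algorithm(self, rand: bytes) -> tuple[bytes, bytes]:
        if self.remaining <= 0:
            raise PermissionError("challenge budget exhausted: SIM locked")
        self.remaining -= 1
        return a3a8(self._ki, rand)


class HomeNetwork:
    """The operator side: holds the same Ki and checks the SIM's answer."""

    def __init__(self, ki: bytes) -> None:
        self._ki = ki

    def authenticate(self, sim: SimCard) -> tuple[bool, bytes]:
        rand = secrets.token_bytes(RAND_LEN)           # fresh challenge
        sres, kc = sim.run_gsm_algorithm(rand)         # card answers
        expected_sres, _ = a3a8(self._ki, rand)
        ok = hmac.compare_digest(sres, expected_sres)  # constant-time compare
        return ok, (kc if ok else b"")


def challenges_before_lockout(budget: int) -> int:
    """Count how many challenges a budgeted card answers before it locks."""
    sim = SimCard(b"\x11" * 16, budget)        # constructed key
    answered = 0
    try:
        while True:
            sim.run_gsm_algorithm(bytes([answered % 256]) * RAND_LEN)
            answered += 1
    except PermissionError:
        return answered


def demo() -> bool:
    """Legitimate network authenticates; a network with the wrong Ki fails."""
    ki = secrets.token_bytes(16)               # constructed subscriber key
    sim = SimCard(ki, challenge_budget=3)
    ok, kc = HomeNetwork(ki).authenticate(sim)
    ok_wrong, _ = HomeNetwork(secrets.token_bytes(16)).authenticate(sim)
    return ok and len(kc) == KC_LEN and not ok_wrong


if __name__ == "__main__":
    print("legit auth ok, wrong-key auth rejected:", demo())
    print("challenges answered by a budget-3 card:", challenges_before_lockout(3))
```

The design point is that the card is a query oracle for Ki: every answered challenge gives an attacker with physical possession one more input/output pair, which is exactly what the SDA's attack consumed. Bounding the number of answers the card will ever give, or rate-limiting them, limits that leakage regardless of how strong the underlying algorithm is.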