1998-04-22 - GSM cellphones cloned - THREATS !!

Header Data

From: Dave Emery <die@pig.die.com>
To: cryptography@c2.net
Message Hash: 90e3e9f3814f79ddecfe665e97a93a43ce477b865f892380abd60a6ce137ccaa
Message ID: <19980421211620.A22293@die.com>
Reply To: N/A
UTC Datetime: 1998-04-22 01:16:00 UTC
Raw Date: Tue, 21 Apr 1998 18:16:00 -0700 (PDT)

Raw message

From: Dave Emery <die@pig.die.com>
Date: Tue, 21 Apr 1998 18:16:00 -0700 (PDT)
To: cryptography@c2.net
Subject: GSM cellphones cloned - THREATS !!
Message-ID: <19980421211620.A22293@die.com>
MIME-Version: 1.0
Content-Type: text/plain


----- Forwarded message from Dave Emery <die@die.com> -----
> 
> Several radio engineers I talked with speculated that it /might/ even be
> possible to modify a standard GSM phone to act as a rogue "key reaper"
> base station. I am not a radio engineer and have no way to verify this
> claim.

	The modifications would be fairly major and rather difficult on
a surface mount high density low cost phone PC board.  A lot of the
stuff required is in ASICs in a typical phone, and they are not in
general easily adapted to playing a different role even if the full
design database and phone schematics are available to the hacker which
it would not be.

	On the other hand, some of the components of a standard GSM
phone could be used to fill a number of functions in such an animal,
and a couple of partially stripped GSM phone PC cards would certainly be
useful as part of such.  I would see such a probe base station as a
briefcase size object run by a laptop or powerful palmtop spliced into
two or three hacked up phone PC cards with some added signal processing
logic in a FPGA or two (and maybe an added RF modem chip as well).
There would be a significant amount of software required, depending on
how completely one would have to emulate a base station and mobile
switch.

	Of course some older phone designs might be less ASIC intensive
and more adaptable, although the 1.9 GHz PCS US versions are mostly
pretty recent. And there may be some universal multi-standard brand
that is much more software configured than others and might be an easier
jumping off place - I certainly have not investigated this at all (nor
do I expect to).



	On another topic - privacy...


	Your break suggests that A3/A8 may have been deliberately
weakened to allow such SIM probing.   Intelligence agencies are not in
general interested in cloning, but for those without access to whatever
magic hardware (or software) exists for cracking A5/1 at low cost in
real time, the ability to once recover the SIM secret allows easy
listening to all subsequent calls from that phone (or SIM) with no
required cracking hardware time or access.  And this is very valuable in
lots of situations, such as covert operations out of hotels in foreign
places where having highly classified A5 cracking boxes in tow would be
a significant security risk.

	And for countries with GSM phone systems interested in spying
on visiting diplomats, heads of state, or trade delegations who are using
their GSM phones in a roaming mode and depending on the fact the GSM home
switching office does not disclose their long term secret, such probing can
be quietly concealed in the real traffic of a legitimate base station.
The secrets recovered can then be used to crack traffic back in the
visitor's home country where he may be trusting his local system to
be secure.

	And the ability to probe the phones of visiting dignitaries from
nearby hotel rooms and recover their secrets must be awfully useful to
many even third rate intelligence operations - this allows listening to
all their subsequent traffic without requiring an A5/1 cracking
capability at all - let alone one that works real time from low cost
portable units.

	And even if there is some sanity test in GSM phone firmware that
would catch or prevent enough probes to crack the SIM secret, your
physical access method allows black bag jobs to recover the SIM secret
of phones left poorly guarded for a few hours. This alone
is very obviously of great use to intelligence types (at least unless
there is some hardware backdoor in the SIM to allow the readout in
seconds rather than hours).



-- 
	Dave Emery N1PRE, die@die.com  DIE Consulting, Weston, Mass.
PGP fingerprint = 2047/4D7B08D1 DE 6E E1 CC 1F 1D 96 E2  5D 27 BD B0 24 88 C3 18
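The privacy argument in the message above rests on one property of GSM authentication: the session key Kc is derived by A8 from the long-term SIM secret Ki and a challenge RAND that the network sends in the clear, so anyone who already holds Ki can reproduce Kc from the RAND alone and never needs to attack the A5/1 ciphertext. The model below is an added illustration, not code from the message or from any GSM implementation: it uses HMAC-SHA256 as a stand-in for the operator's A3/A8 (the message does not describe those algorithms, and the real ones are operator specific), and it adds a hypothetical SIM-side challenge rate limiter of the "sanity test in GSM phone firmware" kind the message speculates about, so a defender can see what such a check would and would not catch. The 128-bit RAND and Ki sizes and the 32-bit SRES / 64-bit Kc outputs follow the GSM specification; the sample Ki is constructed.

```python
"""Model of GSM challenge-response and of why a recovered Ki exposes later calls.

Added example. a3_a8() is an HMAC-SHA256 stand-in for the operator's A3/A8,
and the challenge limiter in Sim is a hypothetical sanity check, not real SIM
firmware behaviour.
"""
import hashlib
import hmac
import os
from collections import deque
from typing import Tuple

RAND_BYTES = 16  # GSM RAND is 128 bits, sent over the air in the clear
KI_BYTES = 16    # Ki is 128 bits, held only by the SIM and the home network


def a3_a8(ki: bytes, rand: bytes) -> Tuple[bytes, bytes]:
    """Stand-in for A3/A8: one keyed function whose output is split into
    SRES (32-bit authentication response) and Kc (64-bit cipher key)."""
    digest = hmac.new(ki, rand, hashlib.sha256).digest()
    return digest[:4], digest[4:12]


class Sim:
    """Subscriber SIM holding Ki. As a hypothetical sanity test it refuses to
    answer more than max_challenges RANDs within `window` seconds."""

    def __init__(self, ki: bytes, max_challenges: int = 20, window: float = 60.0):
        self.ki = ki
        self.max_challenges = max_challenges
        self.window = window
        self._stamps: deque = deque()  # times of recent challenges

    def run_gsm_algorithm(self, rand: bytes, now: float) -> Tuple[bytes, bytes]:
        # Forget challenges older than the window, then enforce the cap.
        while self._stamps and now - self._stamps[0] > self.window:
            self._stamps.popleft()
        if len(self._stamps) >= self.max_challenges:
            raise PermissionError("challenge rate limit hit: possible SIM probing")
        self._stamps.append(now)
        return a3_a8(self.ki, rand)


class HomeNetwork:
    """Authentication centre: the only other party that knows Ki."""

    def __init__(self, ki: bytes):
        self.ki = ki

    def challenge(self) -> bytes:
        return os.urandom(RAND_BYTES)

    def verify(self, rand: bytes, sres: bytes) -> Tuple[bool, bytes]:
        expected_sres, kc = a3_a8(self.ki, rand)
        return hmac.compare_digest(expected_sres, sres), kc


def authenticate(network: HomeNetwork, sim: Sim, now: float) -> Tuple[bytes, bool, bytes]:
    """One air-interface authentication: RAND out in the clear, SRES back.
    Both ends derive Kc locally; Kc itself is never transmitted."""
    rand = network.challenge()
    sres, kc_mobile = sim.run_gsm_algorithm(rand, now)
    ok, kc_network = network.verify(rand, sres)
    return rand, ok and kc_mobile == kc_network, kc_mobile


def eavesdropper_kc(captured_ki: bytes, rand_seen_on_air: bytes) -> bytes:
    """The risk the message describes: a listener who already holds Ki needs
    only the plaintext RAND to reproduce Kc, so no A5/1 cracking is required."""
    return a3_a8(captured_ki, rand_seen_on_air)[1]


def probes_answered_before_lockout(sim: Sim, now: float) -> int:
    """How many back-to-back challenges a SIM answers before its limiter trips.
    Shows the ceiling a per-window cap puts on probing attempts."""
    answered = 0
    while True:
        try:
            sim.run_gsm_algorithm(os.urandom(RAND_BYTES), now)
        except PermissionError:
            return answered
        answered += 1


if __name__ == "__main__":
    ki = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed sample Ki
    net, sim = HomeNetwork(ki), Sim(ki)
    rand, ok, kc = authenticate(net, sim, now=0.0)
    print("authenticated:", ok, "Kc:", kc.hex())
    print("listener holding Ki derives the same Kc:", eavesdropper_kc(ki, rand) == kc)
    print("probes answered before lockout:", probes_answered_before_lockout(Sim(ki), 0.0))
```

Two things the model makes concrete for a defender. First, the only secret that matters for confidentiality of the air link is Ki; once it is out, every future RAND/Kc pair is reproducible and the cipher strength is irrelevant, which is why key extraction from a SIM (over the air or on the bench) is the event worth detecting and responding to, typically by reissuing the SIM. Second, a per-window challenge cap bounds how many queries a probing base station can get per period, but it does not bound them over a long enough time, and it does nothing against a SIM that an attacker holds physically, as the message's last paragraph already notes.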