GSM security flaws exposed

Monday, 10 February 2003, 4:08 PM EST

Mobile phones, mostly based on GSM technology, are everywhere. But what users may not realise is that many of the security technologies it uses have flaws. And these could help people hack your SIM card, track you as you use your phone, or even send fake text messages.

The most commonly used encryption algorithm to authenticate users on a GSM network is known as COMP128, which was broken by David Wagner and Ian Goldberg in less than a day.

After spotting several flaws in the algorithm, they went on to prove that it was possible to obtain the information necessary to clone a SIM, although it requires possession of the SIM for about eight hours.

Underground hacking tools, freely available on the internet, make this feasible.

These tools require a SIM card reader in order to extract the information that uniquely identifies the subscriber. It is then possible to write the information to other cards, effectively cloning the SIM.

[ Read more ]

Comment:

Yossarian submitted the following:

I was reading the news on the breaking of COMP128 and other GSM related stuff in the above linked article. I thought when I read it, that it was no new trick. Also, being well acquainted with the work of X-force and crypto breaking, I wondered what was wrong with this story. So i checked.

Basically two things:

This same exploit - on COMP128 - was released 5 years ago - see here.

Second: it was not done by the X-force crew - or if they have, they have not checked first. Wrong in both cases.




Spotlight

Leveraging network intelligence and deep packet inspection

Posted on 26 November 2014.  |  Tomer Saban, CEO of WireX Systems, talks about how deep packet inspection helps with identifying emerging threats, the role of network intelligence, and more.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Thu, Nov 27th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //