GSM security flaws exposed

Monday, 10 February 2003, 4:08 PM EST

Mobile phones, mostly based on GSM technology, are everywhere. But what users may not realise is that many of the security technologies it uses have flaws. And these could help people hack your SIM card, track you as you use your phone, or even send fake text messages.

The most commonly used encryption algorithm to authenticate users on a GSM network is known as COMP128, which was broken by David Wagner and Ian Goldberg in less than a day.

After spotting several flaws in the algorithm, they went on to prove that it was possible to obtain the information necessary to clone a SIM, although it requires possession of the SIM for about eight hours.

Underground hacking tools, freely available on the internet, make this feasible.

These tools require a SIM card reader in order to extract the information that uniquely identifies the subscriber. It is then possible to write the information to other cards, effectively cloning the SIM.

[ Read more ]

Comment:

Yossarian submitted the following:

I was reading the news on the breaking of COMP128 and other GSM related stuff in the above linked article. I thought when I read it, that it was no new trick. Also, being well acquainted with the work of X-force and crypto breaking, I wondered what was wrong with this story. So i checked.

Basically two things:

This same exploit - on COMP128 - was released 5 years ago - see here.

Second: it was not done by the X-force crew - or if they have, they have not checked first. Wrong in both cases.




Spotlight

Using Hollywood to improve your security program

Posted on 29 July 2014.  |  Tripwire CTO Dwayne Melancon spends a lot of time on airplanes, and ends up watching a lot of movies. Some of his favorite movies are adventures, spy stuff, and cunning heist movies. A lot of these movies provide great lessons that we can apply to information security.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Wed, Jul 30th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //