GSM security flaws exposed

Monday, 10 February 2003, 4:08 PM EST

Mobile phones, mostly based on GSM technology, are everywhere. But what users may not realise is that many of the security technologies it uses have flaws. And these could help people hack your SIM card, track you as you use your phone, or even send fake text messages.

The most commonly used encryption algorithm to authenticate users on a GSM network is known as COMP128, which was broken by David Wagner and Ian Goldberg in less than a day.

After spotting several flaws in the algorithm, they went on to prove that it was possible to obtain the information necessary to clone a SIM, although it requires possession of the SIM for about eight hours.

Underground hacking tools, freely available on the internet, make this feasible.

These tools require a SIM card reader in order to extract the information that uniquely identifies the subscriber. It is then possible to write the information to other cards, effectively cloning the SIM.

[ Read more ]


Yossarian submitted the following:

I was reading the news on the breaking of COMP128 and other GSM related stuff in the above linked article. I thought when I read it, that it was no new trick. Also, being well acquainted with the work of X-force and crypto breaking, I wondered what was wrong with this story. So i checked.

Basically two things:

This same exploit - on COMP128 - was released 5 years ago - see here.

Second: it was not done by the X-force crew - or if they have, they have not checked first. Wrong in both cases.


How to talk infosec with kids

Posted on 17 September 2014.  |  It's never too early to talk infosec with kids: you simply need the right story. In fact, as cyber professionals itís our duty to teach ALL the kids in our life about technology. If we are to make an impact, we must remember that children needed to be taught about technology on their terms.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.


Fri, Sep 19th