GSM security flaws exposed
Mobile phones, mostly based on GSM technology, are everywhere. But what users may not realise is that many of the security technologies GSM uses have flaws, and these could help people hack your SIM card, track you as you use your phone, or even send fake text messages.
The most commonly used encryption algorithm to authenticate users on a GSM network is known as COMP128, which was broken by David Wagner and Ian Goldberg in less than a day.
After spotting several flaws in the algorithm, they went on to prove that it was possible to obtain the information necessary to clone a SIM, although it requires possession of the SIM for about eight hours.
Underground hacking tools, freely available on the internet, make this feasible.
These tools require a SIM card reader in order to extract the information that uniquely identifies the subscriber. It is then possible to write the information to other cards, effectively cloning the SIM.
Yossarian submitted the following:
I was reading the news on the breaking of COMP128 and other GSM-related stuff in the above linked article. I thought when I read it, that it was no new trick. Also, being well acquainted with the work of X-force and crypto breaking, I wondered what was wrong with this story. So I checked.
Basically two things:
This same exploit - on COMP128 - was released 5 years ago - see here.
Second: it was not done by the X-force crew - or if they have, they have not checked first. Wrong in both cases.