GSM security flaws exposed

Monday, 10 February 2003, 4:08 PM EST

Mobile phones, mostly based on GSM technology, are everywhere. But what users may not realise is that many of the security technologies it uses have flaws. And these could help people hack your SIM card, track you as you use your phone, or even send fake text messages.

The most commonly used encryption algorithm to authenticate users on a GSM network is known as COMP128, which was broken by David Wagner and Ian Goldberg in less than a day.

After spotting several flaws in the algorithm, they went on to prove that it was possible to obtain the information necessary to clone a SIM, although it requires possession of the SIM for about eight hours.

Underground hacking tools, freely available on the internet, make this feasible.

These tools require a SIM card reader in order to extract the information that uniquely identifies the subscriber. It is then possible to write the information to other cards, effectively cloning the SIM.

[ Read more ]


Yossarian submitted the following:

I was reading the news on the breaking of COMP128 and other GSM related stuff in the above linked article. I thought when I read it, that it was no new trick. Also, being well acquainted with the work of X-force and crypto breaking, I wondered what was wrong with this story. So i checked.

Basically two things:

This same exploit - on COMP128 - was released 5 years ago - see here.

Second: it was not done by the X-force crew - or if they have, they have not checked first. Wrong in both cases.


10 practical security tips for DevOps

By working with the DevOps team, you can ensure that the production environment is more predictable, auditable and more secure than before. The key is to integrate your security requirements into the DevOps pipeline.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Tue, Mar 31st