[ISN] Cell-Phone Security Far From Airtight
T Bruce Tober
octobersdad at reporters.net
Tue, 14 Apr 1998 23:58:59 +0100
fyi
------- Forwarded message follows -------
-----Original Message-----
From: jericho@dimensional.com <jericho@dimensional.com>
To: InfoSec News <isn@sekurity.org>
Date: 14 April 1998 08:23
Subject: [ISN] Cell-Phone Security Far From Airtight
>
>
>Forwarded From: Aleph One <aleph1@dfw.net>
>
>[Aleph1: Here is the real story behind the hack. BTW, you can download
> the secret GSM algorithm, COMP128, from
> http://www.scard.org/gsm/a3a8.txt]
>
> http://www.wired.com/news/news/technology/story/11630.html
>
> Cell-Phone Security Far From Airtight
> by Annaliza Savage
>
> 9:59am 13.Apr.98.PDT
> A group of California-based computer experts claims to have
> compromised the cryptographic security behind the world's most popular
> digital cell-phone system, making it possible to clone any phone using
> the GSM standard.
>
> The Smartcard Developer Association says it cracked the algorithm
> used as the basis for the Global System for Mobile Communications
> (GSM) -- a digital cellular phone system that is used in about 80
> million cell phones, primarily in Europe and Asia. Many US networks
> are starting to implement GSM standards, too, and this attack was
> launched against a card issued by Pacific Bell. If the group's
> claims are true, it could lead to a recall or reissue of the smart
> cards used in GSM-based phones.
>
> "GSM is likely to face fraud problems of the same magnitude as analog
> systems have had," said Marc Briceno, a member of the SDA who said
> that analog systems have lost billions of dollars because of cellular
> phone cloning.
>
> GSM-based cell phones work with a small card containing an electronic
> chip called a Subscriber Identity Module card. The SIM card
> inserts into the back of the cellular phone and contains information
> that is used to identify subscribers and their account information to
> the GSM network. The SIM card must be inserted into a GSM Mobile
> handset to obtain access to the network, and one of the primary
> benefits of the technology is that cell phones have access to GSM
> networks worldwide.
>
> However, to clone a SIM card, a would-be cracker would have to have
> physical possession of one. Unlike the cloning used in analog systems,
> the crack does not yet include being able to listen in on people's
> phone calls or obtain a SIM ID via the airwaves, although the SDA has
> stated that an "over-the-air attack should not be ruled out."
>
> The SIM uses encryption to keep the identity of the phone secret, and
> the encryption algorithm used on most of the GSM network is called
> COMP128. The SDA was able to obtain the secret ciphers used by the GSM
> network. After verifying authenticity, the group turned them over to
> UC Berkeley researchers David Wagner and Ian Goldberg, who were able
> to crack the COMP128 algorithm within a day. In 1995, Wagner and
> Goldberg succeeded in another high-profile hack when they compromised
> the crypto code used in Netscape's Navigator browser, which was
> supposed to secure credit-card transactions.
>
> "Within hours they discovered a fatal flaw," said Briceno. "The attack
> that we have done is based on sending a large number of challenges to
> the authorization module in the phone. The key can be deduced and
> recovered in about 10 hours."
>
> A group of hackers gathered with security and crypto experts Friday
> evening at a San Francisco hacker club called New Hack City, for a
> demonstration of the hack, but it never came off. Eric Hughes, a
> member of the SDA and founder of the Cypherpunks cryptography group,
> discussed the technical aspects of the hack, but had to give up the
> planned demonstration after threats of legal action from Pac Bell and
> other telephone company executives. It is illegal in the United States
> to possess cellular phone cloning equipment, although legitimate
> businesses are exempted. The telephone companies dispute SDA's claims
> to legitimacy.
>
> Wagner blames the ease of the crack on the secrecy with which the
> ciphers were kept.
>
> "There is no way that we would have been able to break the
> cryptography so quickly if the design had been subjected to public
> scrutiny," said Wagner.
>
> The GSM standard was developed and designed by the European
> Telecommunications Standard Institute, an organization that has about
> 500 members from 33 countries, representing administrations, network
> operators, manufacturers, service providers, and users.
>
> "There's going to be an orgy of finger pointing," said Hughes,
> referring to all the engineers and other people associated with the
> design of the GSM network.
>
> The SDA say that they were able to crack the GSM network algorithm due
> to weak encryption in the original design. When the system was being
> designed, several European government agencies were successful in
> their demands to weaken encryption standards for government
> surveillance purposes.
>
> The SDA also claimed that the GSM security cipher that keeps
> eavesdroppers from listening to a conversation, called A5, was also made
> deliberately weaker. The A5 cipher uses a 64-bit key, but only 54 of
> the bits are actually in use -- 10 of the bits have been replaced with
> zeroes. The SDA's Briceno blames government interference.
>
> "The only party who has an interest in weakening voice privacy is the
> National Security Agency," he said.
>
> The SDA said that a proper demo will be taking place soon from
> somewhere outside the United States. The group has also released the
> source code for COMP128 and A5 for further testing.
>
>-o-
>Subscribe: mail majordomo@sekurity.org with "subscribe isn".
>Today's ISN Sponsor: Dimensional Communications (www.dim.com)
>
tbt -- Sign all messages with non-escrowed keys, don't give in to government
tyranny. Commentary at http://www.homeusers.prestel.co.uk/crecon/Escrow.htm
--
|Bruce Tober, octobersdad@reporters.net, Birmingham, England +44-121-242-3832|
| Freelance PhotoJournalist - IT, Business, The Arts and lots more |
| Website - http://www.homeusers.prestel.co.uk/crecon/ |
| PGP Key Details follow: |
| RSA key ID 0x94F48255 Fingerprint 0907 EBCD 1B37 91F5 D15C 0D2E C617 2671 |
| DSS/DH key ID 0xB1445118 |
| DSS/DH key Fingerprint CBB5 8BF8 2CCC 9B86 41EB 1788 6930 78FB B144 5118 |