[ISN] Cell-Phone Security Far From Airtight

From: jerichot_private
Date: Mon Apr 13 1998 - 21:50:19 PDT

  • Next message: jerichot_private: "[ISN] AT&T Data Networks Down (hacker?)"

    Forwarded From: Aleph One <aleph1t_private>
    
    [Aleph1:  Here is the real story behind the hack. BTW, you can download
     the secret GSM algorithm, COMP128, from
     http://www.scard.org/gsm/a3a8.txt]
     
       http://www.wired.com/news/news/technology/story/11630.html
       
       Cell-Phone Security Far From Airtight
       by Annaliza Savage 
       
       9:59am  13.Apr.98.PDT
       A group of California-based computer experts claims to have
       compromised the cryptographic security behind the world's most popular
       digital cell-phone system, making it possible to clone any phone using
       the GSM standard.
       
       The Smartcard Developer Association says it cracked the algorithm
       used as the basis for the The Global System for Mobile Communications
       (GSM) -- a digital cellular phone system that is used in about 80
       million cell phones, primarily in Europe and Asia. Many US networks
       are starting to implement GSM standards, too, and this attack was
       launched against a card issued by Pacific Bell. If the group's
       claims are true, it could lead to a recall or reissue of the smart
       cards used in GSM-based phones.
       
       "GSM is likely to face fraud problems of the same magnitude as analog
       systems have had," said Marc Briceno, a member of the SDA who said
       that analog systems have lost billions of dollars because of cellular
       phone cloning.
       
       GSM-based cell phones work with a small card containing an electronic
       chip called a Subscriber Identity Module card. The SIM card
       inserts into the back of the cellular phone and contains information
       that is used to identify subscribers and their account information to
       the GSM network. The SIM card must be inserted into a GSM Mobile
       handset to obtain access to the network, and one of the primary
       benefits of the technology is that cell phones have access to GSM
       networks worldwide.
       
       However, to clone a SIM card, a would-be cracker would have to have
       physical possession of one. Unlike the cloning used in analog systems,
       the crack does not yet include being able to listen in on peoples
       phone calls or obtain a SIM ID via the airwaves, although the SDA has
       stated that an "over-the-air attack should not be ruled out."
       
       The SIM uses encryption to keep the identity of the phone secret, and
       the encryption algorithm used on most of the GSM network is called
       COMP128. The SDA was able to obtain the secret ciphers used by the GSM
       network. After verifying authenticity, the group turned them over to
       UC Berkeley researchers David Wagner and Ian Goldberg, who were able
       to crack the COMP128 algorithm within a day. In 1995, Wagner and
       Goldberg succeeded in another high-profile hack when they compromised
       the crypto code used in Netscape's Navigator browser, which was
       supposed to secure credit-card transactions.
       
       "Within hours they discovered a fatal flaw," said Briceno. "The attack
       that we have done is based on sending a large number of challenges to
       the authorization module in the phone. The key can be deduced and
       recovered in about 10 hours."
       
       A group of hackers gathered with security and crypto experts Friday
       evening at a San Francisco hacker club called New Hack City, for a
       demonstration of the hack, but it never came off. Eric Hughes, a
       member of the SDA and founder of the Cypherpunks cryptography group,
       discussed the technical aspects of the hack, but had to give up the
       planned demonstration after threats of legal action from Pac Bell and
       other telephone company executives. It is illegal in the United States
       to possess cellular phone cloning equipment, although legitimate
       businesses are exempted. The telephone companies dispute SDA's claims
       to legitimacy.
       
       Wagner blames the ease of the crack on the secrecy with which the
       ciphers were kept.
       
       "There is no way that we would have been able to break the
       cryptography so quickly if the design had been subjected to public
       scrutiny," said Wagner.
       
       The GSM standard was developed and designed by the European
       Telecommunications Standard Institute, an organization that has about
       500 members from 33 countries, representing administrations, network
       operators, manufacturers, service providers, and users.
       
       "There's going to be an orgy of finger pointing," said Hughes,
       referring to all the engineers and other people associated with the
       design of the GSM network.
       
       The SDA say that they were able to crack the GSM network algorithm due
       to weak encryption in the original design. When the system was being
       designed, several European government agencies were successful in
       their demands to weaken encryption standards for government
       surveillance purposes.
       
       The SDA also claimed that the GSM security cipher that keeps
       eavesdroppers from listening to a conversation called A5 was also made
       deliberately weaker. The A5 cipher uses a 64-bit key, but only 54 of
       the bits are actually in use -- 10 of the bits have been replaced with
       zeroes. The SDA's Briceno blames government interference.
       
       "The only party who has an interest in weakening voice privacy is the
       National Security Agency," he said.
       
       The SDA said that a proper demo will be taking place soon from
       somewhere outside the United States. The group has also released the
       source code for COMP128 and A5 for further testing.
       
       
    
    -o-
    Subscribe: mail majordomot_private with "subscribe isn".
    Today's ISN Sponsor: Dimensional Communications (www.dim.com)
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 12:50:39 PDT