GSM-Forum (https://forum.gsmhosting.com/vbb/)
Thread: Smartcard Developer Association Clones Digital GSM Cellphones (https://forum.gsmhosting.com/vbb/f131/smartcard-developer-association-clones-digital-gsm-cellphones-4916/)

silverfox 07-26-2001 20:33

Smartcard Developer Association Clones Digital GSM Cellphones
Dateline: 2300 Hrs 13 April 1998 PRESS RELEASE FROM SDA
San Francisco, Monday, 13 April 1998. The Smartcard Developer Association (SDA) and two U.C. Berkeley researchers jointly announced today that digital GSM cellphones are susceptible to cloning, contrary to the belief of even the telecommunication providers that have fielded them. GSM (Groupe Spéciale Mobile) is the most widely used cellphone standard in the world, with more than 79 million GSM phones in use worldwide. In contrast, there are about 58 million U.S. cellphone users of all kinds, both analog and digital, including some GSM.

The SDA became involved with GSM security because GSM phones have a small smartcard inside them which holds the identity of the cellphone. This small smartcard is called a SIM, for Subscriber Identification Module. The SIM must keep the identity inside a secret and uses cryptography to protect it. The SDA has organized and coordinated the activities leading to a breach in the cryptographic protection. The breach allows the extraction of the secret inside the SIM, after which the secret may be inserted into a different SIM. A cellphone with the new SIM has the same identity as the original phone.

The GSM standard was designed by an association of European cellular network operators and equipment manufacturers. The cryptographic protection is but a small part of the 130 volumes and over 6,000 pages which make up the GSM standard. Unfortunately, the cryptography was designed in secret and is still kept secret, provided to individuals at smartcard and cellphone manufacturers on a "need-to-know" basis.

"As shown so many times in the past, a design process conducted in secret and without public review will invariably lead to an insecure system," says Marc Briceno, Director of the SDA. "Here we have yet another example of how security by obscurity is no security at all."

The origin of the breach was when the SDA discovered the cryptographic algorithms used inside the SIMs and cellphones. The SDA first verified that the algorithms were accurate. The exact details of the algorithms were not known to the public but the verified algorithms matched the facts that were publicly known. Next the SDA brought in David Wagner and Ian Goldberg, researchers in the Internet Security, Applications, Authentication and Cryptography (ISAAC) group at the University of California, Berkeley. Within a day, Wagner and Goldberg had found a fatal cryptographic flaw in COMP128, the algorithm used to protect the identity inside the SIM. They created a system to exploit the flaw by repeatedly asking the SIM to identify itself; by processing the responses they were able to extract the secret from inside the SIM.

"There's no way that we would have been able to break the cryptography so quickly if the design had been subjected to public scrutiny", says David Wagner. "Nobody is that much better than the rest of the cryptography research community." David Wagner was previously known for his work on the breach of CMEA, a cipher used in digital cellphones. As in this case, the cryptographers who did the work on CMEA blamed the design process for the insecurity of the system.

Serious Implications, Possible Remedies
Almost all GSM network operators are vulnerable to the new breach. There are replacements for COMP128 permitted in the GSM system, but so far the SDA has not found a network which does not use COMP128. The SDA is currently in the process of determining which cellular networks are vulnerable. Nor are U.S. companies immune. Many U.S. networks use GSM standards in their offerings of digital PCS service, Pacific Bell among them. Indeed, it was a SIM signed up to the Pacific Bell PCS service that the ISAAC group successfully attacked.

One of the main advantages touted for the new digital services is that the phones cannot be cloned. A billboard advertisement by Pacific Bell well known in the San Francisco area portrays a sheep, presumably a cloned sheep, and a claim that the digital cellphone is different. Cloned phones are widely used in criminal "call-sell" operations, which sell international and long distance service from cloned telephones.

The fraud potential is exacerbated by a blind reliance of equipment engineers on the belief that the cryptography would never be broken. "Much switching equipment never checks to see if two telephones with the same identity are on-line at the same time", says Yobie Benjamin, Chief Knowledge Officer at Cambridge Technology Partners.

The SDA points out that the breach may be correctable, but this cannot be known for certain at the current time. "We anticipate that this is but the first in a family of related vulnerabilities", says Goldberg of the ISAAC group. Remedies cannot be adequately designed until more is known about the potential for other weaknesses. The SDA cautions that no practical over-the-air attack is known yet but that one should not be ruled out. Unlike the current breach, which requires physical possession of a SIM, an over-the-air attack would extract secrets from SIMs nestled inside their phones and without the cooperation of the owner.

Any fix of the system is certain to be expensive. "At the least, all the SIMs would have to be reissued. A software upgrade for all the authentication centers shouldn't be ruled out", says Bob Keyes, a consultant with Enterprise Security Services at Cambridge Technology Partners. Changes to each component would not be particularly large, but the changes in total would be extensive, affecting many different pieces of the system.

Indications of Government Interference
A secret design process is always fraught with peril, but the situation worsens when government agencies meddle. One of the discoveries that the SDA made about GSM security was a deliberate weakening of the confidentiality cipher used to keep eavesdroppers from listening to a conversation. This cipher, called A5, has a 64-bit key, of which only 54 bits are used. The other ten bits are simply replaced with zeros. "The only party who has an interest in weakening voice privacy is a national surveillance agency", says Briceno. "Consumers want privacy, and the manufacturers and network operators incur no cost whatsoever by using a full-size key."

The U.S. systems may well befall the same fate. The National Security Agency is known to have pressured the analogous U.S. standards body to weaken voice privacy. "The U.S. systems aren't much better", says Phil Karn, an engineer with Qualcomm, a maker of digital CDMA cellphones. Karn has had experience in the standardization process. "Unless consumers demand better, the situation is unlikely to change", he says.

The lessons for electronic commerce are clear. Only standards created in an open environment and subject to public comment are acceptable. Any other process has always led to losses for service providers and consumers alike. "Every part of a system design requires a publicly accepted justification, without exception", says Eric Hughes, Chief Designer at SigNet Assurance, a company building electronic commerce infrastructure. So far the signs are encouraging. Standards such as SET, even though developed in private, are nevertheless available for public review. Companies evaluating systems need to look closely at the design process of their security components. Top management should verify these claims before final procurement. Hughes says, "I fear that unless we have a culture where anything but open security analysis is ridiculous, we will have some spectacular and unnecessary electronic commerce catastrophes."


© 1999 Hack Watch News
McCormac's Hack Watch News, Hack Watch News and Syndicated HackWatch are trademarks of Hack Watch News

has anyone done this ??
how????????

:confused:
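The release's point about the A5 key (64 bits nominal, only 54 used, ten forced to zero) is something a defender can actually measure: if a sample of session keys always shows the same value in certain bit positions, those positions add nothing to the search space. The following is an added example written for this thread, not code from the SDA, the Berkeley researchers or the original post. It assumes, when it constructs its sample keys, that the ten zeroed bits are the low-order bits (the release does not say which ten); the function names `constant_bit_positions`, `effective_key_bits`, `search_reduction_factor` and `make_weakened_keys` are the example's own.

```python
import secrets

KEY_BITS = 64  # nominal A5 key length named in the release


def constant_bit_positions(keys, key_bits=KEY_BITS):
    """Return (always_zero, always_one): bit positions that never vary across `keys`.

    Bit 0 is the least significant bit. A position that is identical in every
    sampled key contributes nothing to the key space, so an exhaustive search
    can skip it. Use a large sample: with n random keys a genuinely random bit
    looks constant with probability 2^-(n-1)."""
    if not keys:
        raise ValueError("need at least one key sample")
    and_all = (1 << key_bits) - 1   # AND of all keys: a bit stays 1 only if it is 1 everywhere
    or_all = 0                      # OR of all keys: a bit stays 0 only if it is 0 everywhere
    for k in keys:
        if not 0 <= k < (1 << key_bits):
            raise ValueError(f"key {k:#x} does not fit in {key_bits} bits")
        and_all &= k
        or_all |= k
    always_one = [b for b in range(key_bits) if (and_all >> b) & 1]
    always_zero = [b for b in range(key_bits) if not (or_all >> b) & 1]
    return always_zero, always_one


def effective_key_bits(keys, key_bits=KEY_BITS):
    """Nominal length minus the positions found to be constant in the sample."""
    always_zero, always_one = constant_bit_positions(keys, key_bits)
    return key_bits - len(always_zero) - len(always_one)


def search_reduction_factor(keys, key_bits=KEY_BITS):
    """How many times smaller the exhaustive-search space is than the nominal one."""
    return 2 ** (key_bits - effective_key_bits(keys, key_bits))


def make_weakened_keys(n, zeroed_low_bits=10, key_bits=KEY_BITS):
    """Constructed sample keys for the demonstration: random 64-bit values with the
    low `zeroed_low_bits` bits forced to zero. Assumption: the release only says
    ten bits are replaced with zeros, not which ten; low-order bits are used here."""
    keep_mask = ((1 << key_bits) - 1) & ~((1 << zeroed_low_bits) - 1)
    return [secrets.randbits(key_bits) & keep_mask for _ in range(n)]


if __name__ == "__main__":
    sample = make_weakened_keys(256)
    zero_bits, one_bits = constant_bit_positions(sample)
    print("always-zero positions:", zero_bits)
    print("effective key bits:", effective_key_bits(sample), "of", KEY_BITS,
          "-> exhaustive search is", search_reduction_factor(sample), "x cheaper")
```

Run against a few hundred keys, the ten fixed positions drop out and the effective strength reported is 54 bits, a 2^10 = 1024-fold reduction in the work of an exhaustive search, which is the arithmetic behind the release's complaint.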

Asterix 07-27-2001 08:18

oh yes, indeed - but very long ago.... :(

it isn't possible with all types of SIM cards - I've done a clone of my A1 SIM 5 years before, and ran this clone successfully on my Nokia 6110.....

launch your favorite search engine and search for "simpic", and/or "simscan" - and you will find all you need......

BigPoppa 07-27-2001 08:40

Yeah I remember reading this some time ago. What they fail to mention is that to do this you have to have the original SIM card and it took them 8hrs to crack. If I lost my SIM card I think I would realise it was missing before the 8 hours was up and report it stolen. As soon as you report it stolen it becomes useless. I suppose it's ok for cloning your own SIM card and selling it to other people.....lol

mongoq 07-27-2001 10:26

"27Apr98 GERMANY: COMPUTER HACKERS COPY MANNESMANN MOBILE PHONE SIM CARD.

Members of the Chaos Computer Club have succeeded in finding a weak spot
in the mobile telecoms network D2. They were able to duplicate a D2 SIM
card and thus gain access to the digital mobile telecoms network D2.

More than four million people use the D2 network which is operated by
Mannesmann Mobilfunk GmbH (Duesseldorf). Mannesmann said that the cloning
poses no significant security risk to clients.

In order to clone a SIM card, the hackers had to have both a copy of the
original SIM card for at least 11 hours and know the PIN number.
Scientists at the University of California and the Smartcard Developers
Association in the USA already reported weaknesses in smaller mobile
telecoms networks at the beginning of April which work on the same GSM
standard as the German networks D1, D2 and E-Plus.


This is of course bull****. If they used the same standard, they would
all be vulnerable. As a member of the CCC I can clarify a little here.
D2 is the only German network using COMP128 right now, which is the GSM
reference encryption algorithm. What we did is "simply" implement the
attack outlined by Ian Goldberg et al from Berkeley. And we made the
necessary software available on www.ccc.de, and there are blueprints for
useful hardware. The PIN is not an issue because evil mobile dealers
can sell cloned phones now.

Our GSM guy says that there are only three networks that are known not
to use COMP128 right now, and two of them are in Germany, obviously.

For those who speak German, there is a nice round-up on

http://www.ccc.de/D2Pirat/index.html

and you can download the software there, too. There are pictures of the
equipment there, too, that look quite cool ;)

What we demonstrated was that you can get the pin from the "secure"
envelope without traces and that you can use the attack from Goldberg to
get the secret key from the card in about 11 hours without overclocking
the card or tricks like that. The URL to Goldberg's method was already
posted on ISN I believe. And we showed that the clone and the original
can check into the D2 GSM network at the same time, they just can't
place calls simultaneously without error messages. This all is of
course still very useful to criminals who need anonymous phones.

BTW: D2 put out some of the typical press blah like "no real damage",
"only theoretical attack", "same problem as when you lose your card",
stuff like that ;)

What remains to be seen is whether the other German mobile carriers use
better or just different algorithms.

Felix"

-- Cool, eh ? It doesn't seem to be all that difficult ...
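Two remarks in this thread point at the same network-side gap: the press release quotes Yobie Benjamin saying that much switching equipment never checks whether two telephones with the same identity are on-line at the same time, and Felix's CCC note says the clone and the original could both check into the D2 network at once. What such a check could look like, as an added example that is not code from the release, the SDA, the CCC or anyone posting here: it replays constructed VLR-style location records and flags an IMSI that behaves like two handsets. The record layout, the event names `LU`/`ACT`/`DETACH`, the `LAC1`-style area labels, the 15-minute ping-pong window and the function names are all assumptions of the example; the IMSIs sit on the test PLMN 001-01 and belong to no real subscriber.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed records in an assumed "<ISO time> <IMSI> <EVENT> <LAC>" layout.
# EVENT is LU (location update), ACT (call setup, SMS or periodic update) or DETACH.
SAMPLE_LOG = """\
1998-04-13T09:00:00 001010000000001 LU LAC1
1998-04-13T09:05:00 001010000000002 LU LAC1
1998-04-13T09:10:00 001010000000001 ACT LAC2
1998-04-13T09:12:00 001010000000001 LU LAC2
1998-04-13T09:14:00 001010000000001 LU LAC1
1998-04-13T09:30:00 001010000000002 LU LAC3
1998-04-13T09:31:00 001010000000002 ACT LAC3
1998-04-13T09:45:00 001010000000002 DETACH LAC3
"""

EVENTS = ("LU", "ACT", "DETACH")


@dataclass
class Alert:
    kind: str
    imsi: str
    time: datetime
    detail: str


def parse_line(line):
    ts, imsi, event, lac = line.split()
    if event not in EVENTS:
        raise ValueError(f"unknown event {event!r}")
    return datetime.fromisoformat(ts), imsi, event, lac


def find_duplicate_identities(log_text, ping_pong_minutes=15):
    """Replay location records and flag an IMSI that behaves like two handsets.

    Two signals are used:
      * ACTIVITY_OUTSIDE_REGISTERED_AREA: traffic from a location area other than
        the one the IMSI last registered in, with no location update in between.
        A single phone always updates its location before using a new area.
      * PING_PONG: the IMSI registers in area A, then B, then A again within
        `ping_pong_minutes`; two devices in different areas alternately
        overwriting each other's registration look exactly like this.
    The window is a tuning assumption: a user walking along a cell boundary can
    trigger it, so it is an indicator to investigate, not proof of cloning."""
    window = timedelta(minutes=ping_pong_minutes)
    current = {}    # imsi -> (lac, registered_since)
    previous = {}   # imsi -> the lac registered before the current one
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, imsi, event, lac = parse_line(line)
        if event == "DETACH":
            current.pop(imsi, None)
            previous.pop(imsi, None)
            continue
        cur = current.get(imsi)
        if event == "ACT":
            if cur is not None and cur[0] != lac:
                alerts.append(Alert("ACTIVITY_OUTSIDE_REGISTERED_AREA", imsi, ts,
                                    f"registered in {cur[0]} since {cur[1].time()}, "
                                    f"traffic seen in {lac}"))
            continue
        # event == "LU"
        if cur is None:
            current[imsi] = (lac, ts)
        elif cur[0] != lac:
            if previous.get(imsi) == lac and ts - cur[1] <= window:
                alerts.append(Alert("PING_PONG", imsi, ts,
                                    f"{lac} -> {cur[0]} -> {lac} within {ts - cur[1]}"))
            previous[imsi] = cur[0]
            current[imsi] = (lac, ts)
        # a repeated update in the same area is a periodic refresh; nothing to record
    return alerts


if __name__ == "__main__":
    for a in find_duplicate_identities(SAMPLE_LOG):
        print(f"{a.time.isoformat()} {a.imsi} {a.kind}: {a.detail}")
```

On the constructed records the first subscriber trips both rules (traffic from LAC2 while registered in LAC1, then LAC1 -> LAC2 -> LAC1 inside two minutes) while the second, who simply moves from LAC1 to LAC3 and uses the phone there, stays quiet. Felix's observation that the two cards could not place calls simultaneously without error messages is the one collision the switch already notices; the check above is about catching the quieter case of two registrations alternating.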

mongoq 07-27-2001 10:40

A legal, official D2-Twin-Card on the other hand costs about 20DM ... ;)

jj008 07-27-2001 22:11

Come on people can you not just summarise and give us cool info.

Ok SIM copiers are good but look how much I have to read. Stop copying and pasting, you lazy people

MH 07-27-2001 23:00

JJ008, a comment coming from you regarding detailed postings being too much for you to read must be a joke considering the number of unnecessary postings you put on the board ?

After all, you must have told everyone at least 20 times recently how wonderful you are for giving away your free CD of logos etc, how much it cost you, to post back when they receive it BLAH BLAH BLAH.

Even whilst on holiday you are offering your sourcing services whilst away, "another good offer from you" BLAH BLAH BLAH. When no-one posts a return you post asking any interest.

And before all this you started with a request for people to rate you with a posting showing a picture of your phone, BIG DEAL.

All this for ratings?

Suggest you put your own house in order before complaining about long detailed posts, at least the ones you are complaining about are not asking to be rated, merely posting what they feel relates to the topic.

:rolleyes: :rolleyes: :rolleyes:

BigPoppa 07-27-2001 23:10

So what do I need to copy SIMs... for educational purposes obviously!!!! ;)

silverfox 07-31-2001 23:13

yes !!!!!!!!!! So what do I need to copy SIMs... for educational purposes obviously!!!! :D ;) :confused:
