IBM Researchers to Unveil Crack in Cellphone Security

R. A. Hettinga rah at
Tue May 7 23:30:12 EDT 2002

,4287,SB1020716403163610240,00.html

May 7, 2002
IBM Researchers to Unveil Crack in Cellphone Security


New, speedier ways to exploit cellphone security gaps could potentially
allow hackers to bill calls and services to an unsuspecting user's account,
say researchers at International Business Machines Corp.

The latest IBM findings, to be unveiled Tuesday, add to the evidence the
earliest version of security for handsets using the Global System for
Mobile Communications standard, or GSM, is less effective than its founders
might have hoped.

But its impact on consumers is expected to be limited. The IBM technique
requires a hacker to take physical possession of a phone for a few minutes,
something its owner may well notice. In addition, some cellular operators
have upgraded the security used in the handsets and programmed their
systems to quickly root out this sort of fraud.



Following are the steps to clone a SIM card. IBM estimates the first three
can be performed in less than two minutes.

1. Remove SIM card, found under the battery, from cellphone.

2. Place card in a card reader attached to a personal computer or laptop.

3. Run software that queries the SIM card about its identity, monitoring
the card's power consumption and radio wave emissions until the
authentication algorithm is cracked.

4. Clone the SIM card using the encrypted authentication key.

Sources: IBM and WSJ research


IBM has an interest in sounding the alarm. It developed technology to
protect against the kind of hacker attack it is outlining and will offer to
license that to cellphone makers.

But its research appears to set a record in the speed of a successful
attack on a subscriber identity module, or SIM, card used to secure GSM
wireless communications. Such an attack would allow a hacker to access the
encrypted keys in SIM cards, the inexpensive computer chips inserted into
handsets that safeguard and authenticate a user's identity so a phone can
access cellular networks. By copying a stolen key onto a blank card, a
hacker can pretend to be the original user and in theory charge calls and
services to the user's account. GSM is the dominant wireless standard,
representing an estimated 70% of the digital cellular market.

Roughly 380 million SIM cards with a total value around $1.4 billion were
sold last year, according to market research firm Frost & Sullivan.

IBM's researchers say they can crack a SIM card in one to two minutes by
querying it seven times about its identity. Techniques outlined in 1998
academic research on holes in the SIM card system required about eight
hours and 150,000 queries. IBM's attack requires only a card reader, which
can be purchased for well under $45, an ordinary personal computer and some
specialized software. "Bad guys are smart enough to do this," says Charles
Palmer, department group manager of Security, Privacy, and Cryptography at
IBM Research in Yorktown Heights, N.Y.

But SIM-card makers say the effects of any such finding are minimal. IBM
performed its tests on the oldest version of SIM-card-authentication
technology -- COMP128, version one. The manufacturers have already begun
shipping cards that use version two and version three technology, which
they say haven't yet been hacked.

"The historical algorithm used for GSM is weak and has been known to be
weak for many years," says Xavier Chanay, vice president for mobile
communications at SchlumbergerSema, the world's largest SIM card maker, in
Montrouge, France. "The risk is really minimal that any large-scale fraud

SchlumbergerSema estimates about half of SIM cards in Asia and North
America and less than 30% in Europe rely on the security standard that IBM
cracked. Gemplus SA, the No. 2 SIM card maker, says about 50% to 60% of all
cards in use rely on it.

The two companies say they continue to sell SIM cards using version one,
though the bulk of their shipments involve versions two or three.

The so-called partitioning attacks IBM used work by monitoring the power
consumption and radio emissions of SIM cards as a computer queries them
about their identities. From that, IBM's system can figure out what the SIM
card was doing while being queried and nail down the algorithm it uses to
safeguard its identity.

Some operators have added extra layers of security against fraud based on
such an attack, alerting them if more than one card with the same identity
is using their networks.
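The operator-side control described above (alerting when more than one card with the same identity is active on the network) can be illustrated with a small replay check. This is an added example, not code from the article or from IBM; the log line format, the field names and the sample records are constructed for the demonstration, and the IMSIs use the test PLMN 001-01.

```python
"""Replay constructed attach/detach records and flag one subscriber identity
that is attached through two different cells at the same time.

Added example, not from the WSJ article or IBM. The log format, field names
and all sample values are constructed for this illustration.
"""
import re
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample records: subscriber ...001 roams normally (detach, then
# attach elsewhere); subscriber ...002 is attached through two cells at once,
# which is what a duplicated SIM looks like from the network side.
SAMPLE_LOG = """\
2002-05-07T10:00:00Z imsi=001010000000001 cell=A101 event=attach
2002-05-07T10:05:00Z imsi=001010000000001 cell=A101 event=detach
2002-05-07T10:05:10Z imsi=001010000000001 cell=A102 event=attach
2002-05-07T10:30:00Z imsi=001010000000002 cell=B201 event=attach
2002-05-07T10:31:00Z imsi=001010000000002 cell=C301 event=attach
2002-05-07T10:40:00Z imsi=001010000000002 cell=B201 event=detach
2002-05-07T10:45:00Z imsi=001010000000001 cell=A102 event=detach
"""

# Constructed record format: ISO timestamp, IMSI, cell id, attach/detach.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) imsi=(?P<imsi>\d+) cell=(?P<cell>\S+) "
    r"event=(?P<event>attach|detach)$"
)


def parse_log(text):
    """Parse log lines into (timestamp, imsi, cell, event) tuples, oldest first."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"unparseable record: {line!r}")
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        ts = ts.replace(tzinfo=timezone.utc)
        records.append((ts, m["imsi"], m["cell"], m["event"]))
    records.sort(key=lambda r: r[0])
    return records


def detect_duplicate_identities(records):
    """Return one alert for every attach that arrives while the same IMSI is
    already attached through a different cell (no detach seen in between)."""
    active = defaultdict(set)  # imsi -> cells with an open attachment
    alerts = []
    for ts, imsi, cell, event in records:
        if event == "attach":
            others = active[imsi] - {cell}
            if others:
                alerts.append({
                    "imsi": imsi,
                    "time": ts.isoformat(),
                    "new_cell": cell,
                    "already_active_on": sorted(others),
                })
            active[imsi].add(cell)
        else:
            active[imsi].discard(cell)
    return alerts


if __name__ == "__main__":
    for alert in detect_duplicate_identities(parse_log(SAMPLE_LOG)):
        print(alert)
```

The check flags any overlap at all, so a handover in which the new cell's attach is logged before the old cell's detach would also be flagged; a production rule would add a short grace window for that case and would correlate the alert with billing records before suspending the identity.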

But security holes will develop into a bigger issue as it becomes possible
for more consumers to use wireless handsets to make purchases that appear
as charges on their phone bills. Already, soda vending machines, tram
ticket offices, and parking meters in Scandinavia and elsewhere have been
outfitted with "m-cash" test systems.

An official at the GSM Association, a trade group representing wireless
operators and equipment makers, didn't respond to a request for comment.

R. A. Hettinga
The Internet Bearer Underwriting Corporation
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
