IBM report cites cell phone hacking risks
M Taylor
mctaylor at privacy.nb.ca
Wed May 8 11:06:58 EDT 2002
IBM report cites cell phone hacking risks
By Robert Lemos
Staff Writer, CNET News.com
May 7, 2002, 4:45 PM PT
<http://news.com.com/2100-1040-901920.html>
IBM researchers released a report Tuesday showing that some cell phones'
security cards could be cloned in minutes, letting hackers make calls and
route charges to the cloning victim's account.
The hacking technique studied by the researchers, known as a partitioning
attack, analyzes power fluctuations in a phone's security identification
module (SIM) card, allowing an attacker to divine the security codes stored
inside.
However, the technique only works on the first generation of global system
for mobile communications (GSM) phones and requires that the attacker have
physical access to the phone for at least a minute or two.
...
The technique, to be outlined in a paper that will be presented at the IEEE
Symposium on Security and Privacy next week, requires a computer, a SIM card
reader and the right program. The program asks the target card seven specific
"questions," and it analyzes the signals from the card to determine how it's
processing the queries. By analyzing the electromagnetic field changes and
power fluctuations, the researchers can divine the card's cryptographic
identity.
...
Once a card is cloned, the password, generally a four-digit PIN, is
necessary to unlock the information. Yet, a thief could easily try all
10,000 combinations with the newly cloned card.
---------
The paper appears to be:
Partitioning Attacks: Or How to Rapidly Clone Some GSM Cards
Josyula R. Rao (IBM Watson Research Center), Pankaj Rohatgi (IBM Watson
Research Center), Stephane Tinguely (EPFL, Lausanne), Helmut Scherzer (IBM
Germany)
to be presented at the 2002 IEEE Symposium on Security and Privacy.
<http://www.ieee-security.org/TC/SP02/sp02index.html>
--
M Taylor
http://www.mctaylor.com/
---------------------------------------------------------------------
The Cryptography Mailing List