IBM report cites cell phone hacking risks

M Taylor mctaylor at privacy.nb.ca
Wed May 8 11:06:58 EDT 2002


IBM report cites cell phone hacking risks 
By Robert Lemos 
Staff Writer, CNET News.com
May 7, 2002, 4:45 PM PT
<http://news.com.com/2100-1040-901920.html>

IBM researchers released a report Tuesday showing that some cell phones' 
security cards could be cloned in minutes, letting hackers make calls and 
route charges to the cloning victim's account. 
The hacking technique studied by the researchers, known as a partitioning 
attack, analyzes power fluctuations in a phone's security identification 
module (SIM) card, allowing an attacker to divine the security codes stored 
inside. 

However, the technique only works on the first generation of global system 
for mobile communications (GSM) phones and requires that the attacker have 
physical access to the phone for at least a minute or two. 

...

The technique, to be outlined in a paper that will be presented at the IEEE 
Symposium on Security and Privacy next week, requires a computer, a SIM card 
reader and the right program. The program asks the target card seven specific 
"questions," and it analyzes the signals from the card to determine how it's
processing the queries. By analyzing the electromagnetic field changes and 
power fluctuations, the researchers can divine the card's cryptographic 
identity. 

...

Once a card is cloned, the password, generally a four-digit PIN, is 
necessary to unlock the information. Yet, a thief could easily try all 
10,000 combinations with the newly cloned card. 

---------

The paper appears to be,
Partitioning Attacks: Or How to Rapidly Clone Some GSM Cards 
Josyula R. Rao (IBM Watson Research Center), Pankaj Rohatgi (IBM Watson 
Research Center), Stephane Tinguely (EPFL, Lausanne),  Helmut Scherzer (IBM 
Germany)

to be presented at the 2002 IEEE Symposium on Security and Privacy.
<http://www.ieee-security.org/TC/SP02/sp02index.html>

-- 
M Taylor
http://www.mctaylor.com/
