http://online.wsj.com/article_print/0,4287,SB1020716403163610240,00.html
May 7, 2002
EUROPEAN BUSINESS NEWS

IBM Researchers to Unveil Crack in Cellphone Security

By KEVIN J. DELANEY
Staff Reporter of THE WALL STREET JOURNAL

New, speedier ways to exploit cellphone security gaps could potentially allow hackers to bill calls and services to an unsuspecting user's account, say researchers at International Business Machines Corp.

The latest IBM findings, to be unveiled Tuesday, add to the evidence that the earliest version of security for handsets using the Global System for Mobile Communications standard, or GSM, is less effective than its founders might have hoped. But its impact on consumers is expected to be limited. The IBM technique requires a hacker to take physical possession of a phone for a few minutes, something its owner may well notice. In addition, some cellular operators have upgraded the security used in the handsets and programmed their systems to quickly root out this sort of fraud.

-------
ANATOMY OF A HACK

Following are the steps to clone a SIM card. IBM estimates the first three can be performed in less than two minutes.

1. Remove SIM card, found under the battery, from cellphone.
2. Place card in a card reader attached to a personal computer or laptop.
3. Run software that queries the SIM card about its identity, monitoring the card's power consumption and radio wave emissions until the authentication algorithm is cracked.
4. Clone the SIM card using the encrypted authentication key.

Sources: IBM and WSJ research
---------

IBM has an interest in sounding the alarm. It developed technology to protect against the kind of hacker attack it is outlining and will offer to license that to cellphone makers. But its research appears to set a record in the speed of a successful attack on a subscriber identity module, or SIM, card used to secure GSM wireless communications.

Such an attack would allow a hacker to access the encrypted keys in SIM cards, the inexpensive computer chips inserted into handsets that safeguard and authenticate a user's identity so a phone can access cellular networks. By copying a stolen key onto a blank card, a hacker can pretend to be the original user and in theory charge calls and services to the user's account.

GSM is the dominant wireless standard, representing an estimated 70% of the digital cellular market. Roughly 380 million SIM cards with a total value around $1.4 billion were sold last year, according to market research firm Frost & Sullivan.

IBM's researchers say they can crack a SIM card in one to two minutes by querying it seven times about its identity. Techniques outlined in 1998 academic research on holes in the SIM card system required about eight hours and 150,000 queries. IBM's attack requires only a card reader, which can be purchased for well under $45, an ordinary personal computer and some specialized software.

"Bad guys are smart enough to do this," says Charles Palmer, department group manager of Security, Privacy, and Cryptography at IBM Research in Yorktown Heights, N.Y.

But SIM-card makers say the effects of any such finding are minimal. IBM performed its tests on the oldest version of SIM-card-authentication technology -- COMP128, version one. The manufacturers have already begun shipping cards that use version two and version three technology, which they say haven't yet been hacked.

"The historical algorithm used for GSM is weak and has been known to be weak for many years," says Xavier Chanay, vice president for mobile communications at SchlumbergerSema, the world's largest SIM card maker, in Montrouge, France. "The risk is really minimal that any large-scale fraud develops."

SchlumbergerSema estimates about half of SIM cards in Asia and North America and less than 30% in Europe rely on the security standard that IBM cracked. Gemplus SA, the No. 2 SIM card maker, says about 50% to 60% of all cards in use rely on it. The two companies say they continue to sell SIM cards using version one, though the bulk of their shipments involve versions two or three.

The so-called partitioning attacks IBM used work by monitoring the power consumption and radio emissions of SIM cards as a computer queries them about their identities. From that, IBM's system can figure out what the SIM card was doing while being queried and nail down the algorithm it uses to safeguard its identity.

Some operators have added extra layers of security against fraud based on such an attack, alerting them if more than one card with the same identity is using their networks. But security holes will develop into a bigger issue as it becomes possible for more consumers to use wireless handsets to make purchases that appear as charges on their phone bills. Already, soda vending machines, tram ticket offices, and parking meters in Scandinavia and elsewhere have been outfitted with "m-cash" test systems.

An official at the GSM Association, a trade group representing wireless operators and equipment makers, didn't respond to a request for comment.

--
-----------------
R. A. Hettinga <mailto: [EMAIL PROTECTED]>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to experience."
-- Edward Gibbon, 'Decline and Fall of the Roman Empire'
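The duplicate-identity alerting the article says some operators added against cloned SIM cards, as an added example that is not code from IBM, the WSJ or any operator: a small Python check over session records that flags a subscriber identity (IMSI) seen in two distant cells at the same time, or at two places too far apart for the time between sessions. The record format, the serving-cell coordinates, the 900 km/h "impossible travel" threshold, and the sample events (which use the 001/01 test network range for IMSIs) are all assumptions constructed for this example.

```python
"""
Clone-detection check for a GSM-style network: one handset holds one SIM, so
one IMSI cannot be active in two far-apart cells at once, nor move between
them faster than any vehicle. Operators that correlate sessions per IMSI can
raise an alert on either pattern. All names and data here are constructed.
"""
from dataclasses import dataclass
from datetime import datetime
from math import asin, cos, radians, sin, sqrt
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Session:
    imsi: str         # subscriber identity presented to the network
    start: datetime   # session start
    end: datetime     # session end
    lat: float        # serving cell latitude, degrees (assumed field)
    lon: float        # serving cell longitude, degrees (assumed field)


MAX_SPEED_KMH = 900.0   # assumption: faster than this between sessions is impossible travel
SAME_AREA_KM = 1.0      # assumption: cells closer than this may overlap (handover, not cloning)


def haversine_km(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance between two points in kilometres."""
    earth_radius_km = 6371.0
    dlat = radians(lat2 - lat1)
    dlon = radians(lon2 - lon1)
    a = sin(dlat / 2) ** 2 + cos(radians(lat1)) * cos(radians(lat2)) * sin(dlon / 2) ** 2
    return 2 * earth_radius_km * asin(sqrt(a))


def find_clone_alerts(sessions: List[Session],
                      max_speed_kmh: float = MAX_SPEED_KMH) -> List[Tuple[str, str, datetime]]:
    """
    Return (imsi, reason, time) tuples. Sessions are grouped per IMSI and
    compared pairwise in start order:
      - "concurrent": the next session starts before the previous one ended,
        from a cell more than SAME_AREA_KM away;
      - "impossible_travel": the gap between sessions is too short to cover
        the distance at max_speed_kmh.
    """
    alerts: List[Tuple[str, str, datetime]] = []
    by_imsi: Dict[str, List[Session]] = {}
    for s in sessions:
        by_imsi.setdefault(s.imsi, []).append(s)

    for imsi, evs in by_imsi.items():
        evs.sort(key=lambda e: e.start)
        for prev, cur in zip(evs, evs[1:]):
            dist = haversine_km(prev.lat, prev.lon, cur.lat, cur.lon)
            if cur.start < prev.end:
                # Overlapping sessions: only suspicious if they are in different places.
                if dist > SAME_AREA_KM:
                    alerts.append((imsi, "concurrent", cur.start))
                continue
            gap_h = (cur.start - prev.end).total_seconds() / 3600.0
            # A zero gap with a real distance is an infinite speed; treat it the same way.
            if dist > SAME_AREA_KM and (gap_h == 0 or dist / gap_h > max_speed_kmh):
                alerts.append((imsi, "impossible_travel", cur.start))
    return alerts


def _t(hour: int, minute: int) -> datetime:
    return datetime(2002, 5, 7, hour, minute)


# Constructed sample: three approximate cell locations and three subscribers.
BOSTON = (42.36, -71.06)
YORKTOWN = (41.27, -73.78)
MONTROUGE = (48.82, 2.32)
LEGIT, CLONED, TRAVELLER = "001010000000001", "001010000000002", "001010000000003"

SAMPLE_SESSIONS = [
    Session(LEGIT, _t(9, 0), _t(9, 5), *BOSTON),
    Session(LEGIT, _t(10, 0), _t(10, 3), *BOSTON),        # same cell, no alert
    Session(CLONED, _t(9, 0), _t(9, 10), *BOSTON),
    Session(CLONED, _t(9, 5), _t(9, 8), *MONTROUGE),      # overlaps Boston session: concurrent
    Session(CLONED, _t(11, 0), _t(11, 2), *BOSTON),       # ~5500 km in under 2 h: impossible travel
    Session(TRAVELLER, _t(9, 0), _t(9, 5), *BOSTON),
    Session(TRAVELLER, _t(12, 0), _t(12, 5), *YORKTOWN),  # ~256 km in ~3 h: plausible, no alert
]

if __name__ == "__main__":
    for imsi, reason, when in find_clone_alerts(SAMPLE_SESSIONS):
        print(f"ALERT {imsi} {reason} at {when.isoformat()}")
```

Run stand-alone, the script reports two alerts for the cloned identity and none for the other two. In a real deployment the interesting tuning knobs are the two thresholds: too low a speed limit flags legitimate air travellers, too high a same-area radius hides clones used in the same city, so both are best set from an operator's own traffic rather than the constants assumed here.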