IBM report cites cell phone hacking risks By Robert Lemos Staff Writer, CNET News.com May 7, 2002, 4:45 PM PT <http://news.com.com/2100-1040-901920.html>
IBM researchers released a report Tuesday showing that some cell phones' security cards could be cloned in minutes, letting hackers make calls and route charges to the cloning victim's account. The hacking technique studied by the researchers, known as a partitioning attack, analyzes power fluctuations in a phone's security identification module (SIM) card, allowing an attacker to divine the security codes stored inside. However, the technique only works on the first-generation of global system for mobile communications (GSM) phones and requires that the attacker have physical access to the phone for at least a minute or two. ... The technique, to be outlined in a paper that will be presented at the IEEE Symposium on Security and Privacy next week, requires a computer, a SIM card reader and the right program. The program asks the target card seven specific "questions," and it analyzes the signals from the card to determine how it's processing the queries. By analyzing the electromagnetic field changes and power fluctuations, the researchers can divine the card's cryptographic identity. ... Once a card is cloned, the password, generally a four-digit PIN, is necessary to unlock the information. Yet, a thief could easily try all 10,000 combinations with the newly cloned card. --------- The paper appears to be, Partitioning Attacks: Or How to Rapidly Clone Some GSM Cards Josyula R. Rao (IBM Watson Research Center), Pankaj Rohatgi (IBM Watson Research Center), Stephane Tinguely (EPFL, Lausanne), Helmut Scherzer (IBM Germany) to be presented at the 2002 IEEE Symposium on Security and Privacy. <http://www.ieee-security.org/TC/SP02/sp02index.html> -- M Taylor http://www.mctaylor.com/ --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]