IBM report cites mobile phone hacking risks
Published: 08 May 2002 08:57 BST
IBM researchers released a report on Tuesday showing that some cell phones' security cards could be cloned in minutes, letting hackers make calls and route charges to the cloning victim's account.
The hacking technique studied by the researchers, known as a partitioning attack, analyses power fluctuations in a phone's security identification module (SIM) card, allowing an attacker to divine the security codes stored inside.
However, the technique only works on the first-generation of global system for mobile communications (GSM) phones and requires that the attacker have physical access to the phone for at least a minute or two.
"It is not a 'sky is falling' announcement," IBM's Charles Palmer said of the report. "It says that this is a problem." Palmer is IBM's Research department group manager for security, privacy and cryptography.
If such a bypassing technique, or some other hack, were to be used widely, digital thieves could create SIM cards for phones that would route charges to a victim's account.
A game of seven questions
The technique, to be outlined in a paper that will be presented at the IEEE Symposium on Security and Privacy next week, requires a computer, a SIM card reader and the right program. The program asks the target card seven specific "questions", and it analyses the signals from the card to determine how it's processing the queries. By analysing the electromagnetic field changes and power fluctuations, the researchers can divine the card's cryptographic identity.
"Basically, I get to ask the card seven questions, and that is enough to copy the card," Palmer said. "I still have to guess the PIN, but that's easy."
Once a card is cloned, the password, generally a four-digit PIN, is necessary to unlock the information. Yet, a thief could easily try all 10,000 combinations with the newly cloned card.
Just smoke and mirrors?
At least one analyst doesn't think much of the announced security break.
"It's like saying if someone gets your credit card, they can commit credit card fraud," said Roger Entner, program manager for the Yankee Group consultancy. "If you let them disappear with your phone, of course it's going to get cloned."
Entner also pointed out that GSM is not yet widely used in the United States. VoiceStream has released about 7.5 million of the phones, while Cingular and AT&T are building out their GSM networks.
However, GSM is very successful worldwide, accounting for some 70 percent of all phones. And, while many companies are shipping version 2 and 3 of the GSM standard on their SIM cards, the majority of the phones in use today are GSM 1 phones.
In fact, when Palmer and his cohorts went to stores to buy phones with different versions of the GSM specification, only version 1 phones were found.
IBM Research has designed a technical fix to defend against such attacks, but it's not known how IBM intends to license the new technique to manufacturers. For cell phone owners, though, protection is easy: Don't loan your phone to strangers.
Have your say instantly, and see what others have said. Go to the Security forum.
Let the editors know what you think in the Mailroom.
Did you find this article useful?
59 out of 94 people found this useful
- Share this article:
