Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Cracked GSM-SIMcard crypto; phone cloned

0 views
Skip to first unread message

J. Klug

unread,
Apr 14, 1998, 3:00:00 AM4/14/98
to

Hi,
never thought your GSM phone can be cloned ? Since yesterday
it's public. <sigh> ;-)

You may have a look at http://www.scard.org/press/19980413-01/

besides this..Ian Goldberg brought the Top Gun Postman mail app
as a freeware to the PalmPilot community.
I thought this could be of interest to you.

regards,
J.Klug

William Smith

unread,
Apr 15, 1998, 3:00:00 AM4/15/98
to

J. Klug <Tass...@swol.de> wrote:
>never thought your GSM phone can be cloned ? Since yesterday

Well, actually, they didn't clone the phone, just the card. It's like
being able to make copies of your credit card, interesting, but not
too useful. The mere fact that the security was breached in any way
is more of a concern.
--
Willie Smith wp...@world.std.com N1...@amsat.org
#define NII Information SuperCollider

Allen Ethridge

unread,
Apr 15, 1998, 3:00:00 AM4/15/98
to

In article <ErGGv...@world.std.com>, wp...@world.std.com (William Smith) wrote:

>J. Klug <Tass...@swol.de> wrote:
>>never thought your GSM phone can be cloned ? Since yesterday
>
>Well, actually, they didn't clone the phone, just the card. It's like
>being able to make copies of your credit card, interesting, but not
>too useful. The mere fact that the security was breached in any way
>is more of a concern.

Eh? There's nothing in the phone to clone. The card contains the
identity information that allows a user to make calls and be billed.
Cellular fraud is now just as possible with GSM as with North American
cellular.

Allen

David A Sayed

unread,
Apr 16, 1998, 3:00:00 AM4/16/98
to

No it isn't!
Please read the postings in alt.cellular.gsm for more information.

Allen Ethridge wrote in message ...

Leeep!!!

unread,
Apr 16, 1998, 3:00:00 AM4/16/98
to

hiya folks

Allen Ethridge wrote:
> In article <ErGGv...@world.std.com>, wp...@world.std.com (William Smith) wrote:
> >J. Klug <Tass...@swol.de> wrote:
> >Well, actually, they didn't clone the phone, just the card. It's like
> >being able to make copies of your credit card, interesting, but not
> >too useful. The mere fact that the security was breached in any way
> >is more of a concern.
>
> Eh? There's nothing in the phone to clone. The card contains the
> identity information that allows a user to make calls and be billed.
> Cellular fraud is now just as possible with GSM as with North American
> cellular.

Um, before you folks get all worried... note that the cracking attempt
(success) was a "hardware" attack. A potential cloner would have to
*physically steal* your SIM card to begin the cracking process (which
takes several hours). This is unlike the old analog phone systems where
you could snatch accounts off the air and reprogram any other phone. As
of yet, there is no on-the-air attack for SIM cards. Also note that
since each SIM is unique, some systems, but not all, allow only one
instance of any given SIM to be active at once.

Despite this, it still sucks. Then again, we've all known for years
that the government has a "backdoor" into all this encryption stuff
anyhow. *sigh* For the time being though, the SIM still is better than
the old analog phones for security.

-e

PS FYI, Ian was also the one who found the security flaw in Netscape
back in 1995... sorta a long way from Top Gun Postman, eh? I wonder
what "features" are built into TopGun Postman... =)

--
hmmmm... above addy doesn't work? try this...
leeep a csua d berkeley d edu (a == @, d == .)

Magnus Blomqvist

unread,
Apr 22, 1998, 3:00:00 AM4/22/98
to


Leeep!!! wrote:

> hiya folks
>
> Allen Ethridge wrote:
> > In article <ErGGv...@world.std.com>, wp...@world.std.com (William Smith) wrote:
> > >J. Klug <Tass...@swol.de> wrote:
> > >Well, actually, they didn't clone the phone, just the card. It's like
> > >being able to make copies of your credit card, interesting, but not
> > >too useful. The mere fact that the security was breached in any way
> > >is more of a concern.
> >
> > Eh? There's nothing in the phone to clone. The card contains the
> > identity information that allows a user to make calls and be billed.
> > Cellular fraud is now just as possible with GSM as with North American
> > cellular.
>
> Um, before you folks get all worried... note that the cracking attempt
> (success) was a "hardware" attack. A potential cloner would have to
> *physically steal* your SIM card to begin the cracking process (which
> takes several hours). This is unlike the old analog phone systems where
> you could snatch accounts off the air and reprogram any other phone. As
> of yet, there is no on-the-air attack for SIM cards. Also note that
> since each SIM is unique, some systems, but not all, allow only one
> instance of any given SIM to be active at once.
>

There is logic in the network to block the number if two phones are active
with the same id.

/Magnus


0 new messages