14 April 1998: Add Masson message
14 April 1998: Link to NYT report on GSM's deliberate weakness

13 April 1998

Date: Tue, 14 Apr 1998 17:37:33 +0200
From: masson <interception@ii-mel.com>
To: jya@pipeline.com

"The experts" able to crack a conversation GSM (air-interception) 
had no mention about security bursts, transport bursts, TDMA, 
about A5-1/A8 key, sparse matrix technique, also.

The "demonstration" in MOBILE EUROPE magazine (crack A5) 4.93 
was a failure. Eventual private phreakers generate more official taps.

Only a State is able to crack an air-interception conversation GSM 
with NEC-SX4, CRAY T3E also. And case by case. On the other hand, 
you have a real scandal with trace GSM (TraceLogRecord; Log control
permits to trace record to be stored; Target Cell list; Trace Control;
Activate Equipment Trace). This facility may be used by subscriber 
administration and network management , e.g. following a customer
complaint or an suspicion of equipment malfunction by the operator or
at the request of the police (GSM 12.08 version 4.5.0 September 97)

Each GSM is traced cell by cell. A back-up is kept:
SFR :      15 days
Detemobil:  2 days
Swisscom:   6 months

More infos see:  http://www.ii-mel.com/interception/europegb.html
                 http://www.dejanews (keyword = location GSM             
                                      title   = interception)


13 April 1998

From David Wagner, "Berkeley researcher": For more information see the GSM Cloning Web site:


Date: Mon, 13 Apr 1998 09:36:03 +0200 (CEST)
From: Lucky Green <shamrock@cypherpunks.to>
To: cypherpunks@algebra.com, cryptography@c2.net
Subject: GSM cellphones cloned

The Smartcard Developer Association (SDA) and two U.C. Berkeley
researchers jointly announced today that digital GSM cellphones are
susceptible to cloning, contrary to the belief of even the
telecommunication providers that have fielded them.
One of the discoveries that the SDA made about GSM security was a
deliberate weakening of the confidentiality cipher used to keep
eavesdroppers from listening to a conversation.  This cipher, called A5,
has a 64 bit key, but only 54 bits of which are used.  The other ten bits
are simply replaced with zeros.

See http://www.scard.org/ for more info.

[Special thanks to Tim Hudson for authoring the smartcard interface code
that made our work possible. We wouldn't have achieved what we did it with
out it].

-- Lucky Green <shamrock@cypherpunks.to> PGP v5 encrypted email preferred.
   "Tonga? Where the hell is Tonga? They have Cypherpunks there?"

Date: Mon, 13 Apr 1998 08:49:36 -0700 (PDT) From: Declan McCullagh <declan@well.com> To: cypherpunks@cyberpass.net Subject: TIME Magazine on GSM cell phone crack [Check out p22 of this week's issue for a cute graphic of an exploding Motorola MicroTAC Select 6000 cell phone. --Declan] ****** TIME Magazine April 20, 1998 Page 22 http://www.pathfinder.com/time/magazine/1998/dom/980420/notebook.techwatch.levit24.html      CODEBREAKERS       CRACKED Thought your new digital cell phone was safe from high-tech    thieves? Guess again. Silicon Valley cypherpunks have broken the    proprietary encryption technology used in 80 million GSM (Global    System for Mobile communications) phones nationwide, including    Motorola MicroTAC, Ericsson GSM 900 and Siemens D1900 models. Now    crooks scanning the airwaves can remotely tap into a call and    duplicate the owner's digital ID. "We can clone the phones," brags    Marc Briceno, who organized the cracking. His advice: manufacturers    should stick to publicly vetted codes that a bunch of geeks can't    crack in their spare time. --By Declan McCullagh/Washington
The Wall Street Journal, April 13, 1998, pp. A3, A12. Flaw Is Found in Digital Phone System That May Let Hackers Get Free Service By Jared Sandberg Computer-security engineers said they have found a weakness in the world's most pervasive digital cellular phone technology, a flaw some fear could eventually allow unscrupulous hackers to obtain free service by impersonating legitimate customers. A software developer and two graduate students said they can extract key security information from so-called GSM digital cellular phones, a technology in use by almost 80 million people world-wide. The breach is notable because such phone systems, unlike older analog cellular networks, were believed to be practically tamperproof. The security information is contained in a "subscriber identification module," or SIM card, a credit card-like device inserted into digital cellular phones that identifies each customer to the telephone system. The engineers said they could copy the card and store its information on a computer or a device as simple as a hand-held electronic organizer. When the computer is connected to a phone, the cellular network believes it is being used by an authentic customer. Key Unlocks Security "Once you've recovered the key, all of the security in the system has been compromised," said one of the security experts, David Wagner, a 23-year-old graduate student at the University of California at Berkeley. "What else will be found if other people looked at it?" But some industry observers said the weakness will have negligible impact. The three experts haven't found a way to extract the security codes as they are being transmitted through the airwaves from a telephone to the network -- the "cloning" problem of analog phone systems -- though such a system may someday be devised. Instead, their technique requires that they be in possession of a SIM card. "It doesn't damage the integrity of the system nor does it put customers or operators at risk," said George Schmitt president of Omnipoint Communications Inc., one of this country's GSM operators. Still, cryptography experts at universities make a sport of cracking some of the most popular technologies. Microsoft Corp., Netscape Communications Corp. and Sun Microsystems Inc. have all been strafed by campus cryptographers. "There's a lot of glee at poking holes in the overblown statements" of corporations, said Eric Hughes, founder of Simple Access Inc., an electronic-commerce company in San Francisco that hosted the announcement by the three who cracked the GSM code. Track Record of Poking Holes The latest hacking handiwork marks at least a hat trick for Mr. Wagner and his cohort Ian Goldberg, who have become famous for cracking purportedly secure code. In the fall of 1996, the duo discovered a flaw in the technology of Netscape's Web browser software that protects the privacy of credit-card purchases. Then Mr. Goldberg followed by breaching the relatively weak encryption code that the U.S. government lets companies export. Marc Briceno, 36 years old, director of the Smart Card Developers Association, which represents companies that write software for cards similar to those used in GSM phones, began trying to piece together one of the GSM technology's secret algorithms in January. Mr. Briceno received a document detailing part of the so-called COMP128 algorithm that had been leaked by a researcher, he said. After spending several months filling the holes in the algorithm, he took it to Messrs. Wagner and Goldberg. Within two hours, the two had found a flaw in the algorithm, and they developed software that would challenge the algorithm to see if it could produce other keys to the security system. Using a computer and a jerry-built smart-card reader, they discovered that they could challenge the algorithm and deduce a cryptographic key. That would allow them to use a handheld computer to emulate the subscriber identification module and place calls with it. The engineers didn't rule out that their technique could lead someone to devise a device that would steal this information from the airwaves, so that having the card in the first place wouldn't be necessary. On Saturday, the engineers gathered in San Francisco to demonstrate their findings. But, said Mr. Briceno: "We have been informed by counsel that mere possession of this software might be a federal offense. Unfortunately, there will be no demo today. [End]