Monday, April 27, 1998

Card clone gives mobile phone security a jolt

By DAVID PASSEY

Telstra and Optus may be susceptible to fraud following the successful cloning of security cards used to protect individual numbers.

A report in the information technology magazine LAN says University of California researchers have replicated the cards, exposing a flaw that has the potential to undermine the security of mobile phones around the world.

Optus has confirmed it uses the security system, based on a so-called SIM card, for its one million phones. But Telstra, with a 1.5 million network, has refused to confirm or deny that it uses the system. Vodaphone, which has 500,000 customers in its network, does not use this security system.

According to the editor of LAN, Mr Ben Gerholt, the procedure used to clone the cards is highly complex, and the equipment so expensive that the risk of widespread fraud is limited.

But by effectively cracking these security codes - used in an estimated 80 million mobile phones worldwide - it is shown it is possible for a person to use the counterfeited cards in any digital mobile phone to access all services.

"It is these GSM SIM cards which make your mobile phone an individual unit, with the number owned and controlled by [the mobile service owner]," Mr Gerholt said. "The fact that the technology has now been breached leaves the network potentially vulnerable."

In the report a Telstra spokesman said: "Our security arrangements are confidential. We have a number of mechanisms to detect and prevent fraudulent activity on our network."

Optus said: "Optus views the security of our network very seriously and has systems in place to best protect our network and customers. We recognise there is a very small possibility of a SIM card being cloned, yet every Optus SIM card has data stored on the card which is very difficult, if not impossible, to duplicate."

This material is subject to copyright and any unauthorised use, copying or mirroring is prohibited.