Re: Questions on GSM Penetration test

From: M Lister (mlist@m-net.arbornet.org)
Date: 01/26/02 

Date: Sat, 26 Jan 2002 09:16:02 -0500 (EST)
From: M Lister <mlist@m-net.arbornet.org>
To: Tom Buelens <email@tombuelens.com>

> 2. You can copy a sim card.

Please forgive me if this sounds naive, but I was under a *STRONG*
impression that it is practically impossible to copy a smart card. [Isnt
that what is used as a SIM card]. From the little that I know of smart
cards, security is their forte. I know absolute security is an unknown
concept but still copying a smart card, wouldnt that be too
difficult?? Wouldnt the cost involved in doing so probably be more than
the benefits?

A smart card can deny access to certain memory regions based on how it is
programmed. A card that has crappy programming can be exploited, but would
this statement of yours always be true. If yes, I would love a small
explanation.

> 3. You can eavesdrop comunications between basestations.

Out of plain curiosity, is the data encrypted while in transit. I asked
the dealer here in my country who promptly replied YES, but I doubt he had
even a vague idea of what I was talking about. Given the amount of data
and the required level of low latency in cell phones and the fact SIM
cards are no Crays, I would *LOGICALLY* doubt it. But then I would love to
be sure.

Also if some one were to sniff/eavesdrop such a conversation, how would
he go about doing it? I am not asking for the exact info but a generic
example would be wonderful.

With regards,
M

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Relevant Pages

  • Bush forcing National ID Cards on States
    ... Didn't the Republicans have a cow over a national ID card in 1993 when Clinton was President? ... Dispute Over New Rules For Driver's Licenses Could Prevent Millions From Boarding Planes ... The government is proposing a national ID card in the interest of security. ... But federal officials are in no mood for further compromises or any more delays in implementing a plan the 9/11 Commission called a priority three and a half years ago, reports CBS News correspondent Bob Orr. ...
    (alt.politics.bush)
  • Re: Questions on GSM Penetration test
    ... I've seen schematics of such device (smartcard reader) and a program for PC. ... You can copy a sim card. ... > impression that it is practically impossible to copy a smart card. ... I know absolute security is an unknown ...
    (Pen-Test)
  • Re: OT TAN: POS Data Mining (was Re: Google at the Pump?!)
    ... Distracted Driver (Hector Goldstein)" ... With the systemwe have in place, we have an encryption key, but do ... and pay attention to how the cashier handles your card. ... security group, can review the videoat their convenience, looking ...
    (rec.autos.driving)
  • Tell me again how we are so much more secure?
    ... Homeland Security accepts fake ID ... The Department of Homeland Security allowed a man to enter its headquarters ... federal rules that say the Mexican-issued card is not valid ID at government ... Mexican government publicly acknowledges is not a secure document. ...
    (alt.politics)
  • Re: Is TSA planning new ID rules for operators & passengers of small planes & boats?
    ... "New Security Rules For Small Boats, ... national ID card. ... estimate the cost of this initiative. ... "As Maine goes, so goes the nation," said Charlie Mitchell, ...
    (rec.aviation.piloting)