Re: Questions on GSM Penetration test

From: Emmanuel Gadaix (emmanuel@relaygroup.com)
Date: 01/27/02


Date: Sun, 27 Jan 2002 10:28:12 +0700
To: M Lister <mlist@m-net.arbornet.org>, Tom Buelens <email@tombuelens.com>
From: Emmanuel Gadaix <emmanuel@relaygroup.com>

You can find interesting information on such topics at:

http://www.isaac.cs.berkeley.edu/isaac/gsm.html

At 09:16 PM 1/26/2002, M Lister wrote:
> > 2. You can copy a sim card.
>
>Please forgive me if this sounds naive, but I was under a *STRONG*
>impression that it is practically impossible to copy a smart card. [Isnt
>that what is used as a SIM card]. From the little that I know of smart
>cards, security is their forte. I know absolute security is an unknown
>concept but still copying a smart card, wouldnt that be too
>difficult?? Wouldnt the cost involved in doing so probably be more than
>the benefits?
>
>A smart card can deny access to certain memory regions based on how it is
>programmed. A card that has crappy programming can be exploited, but would
>this statement of yours always be true. If yes, I would love a small
>explanation.
>
> > 3. You can eavesdrop comunications between basestations.
>
>Out of plain curiosity, is the data encrypted while in transit. I asked
>the dealer here in my country who promptly replied YES, but I doubt he had
>even a vague idea of what I was talking about. Given the amount of data
>and the required level of low latency in cell phones and the fact SIM
>cards are no Crays, I would *LOGICALLY* doubt it. But then I would love to
>be sure.
>
>Also if some one were to sniff/eavesdrop such a conversation, how would
>he go about doing it? I am not asking for the exact info but a generic
>example would be wonderful.
>
>With regards,
>M

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/



Relevant Pages

  • Risks Digest 27.75
    ... Well.ca loses customer credit card data in security breach" ... Oregon voter registration database hacked, ...
    (comp.risks)
  • Bush forcing National ID Cards on States
    ... Didn't the Republicans have a cow over a national ID card in 1993 when Clinton was President? ... Dispute Over New Rules For Driver's Licenses Could Prevent Millions From Boarding Planes ... The government is proposing a national ID card in the interest of security. ... But federal officials are in no mood for further compromises or any more delays in implementing a plan the 9/11 Commission called a priority three and a half years ago, reports CBS News correspondent Bob Orr. ...
    (alt.politics.bush)
  • Risks Digest 25.73
    ... German electronic health card system failure ... Risks of the Cloud: Liquid Motors ... Oakland 2010, IEEE Symposium on Security and Privacy, CFP ... A friend's facebook account was hacked recently (a neat little short-term ...
    (comp.risks)
  • Re: Questions on GSM Penetration test
    ... I've seen schematics of such device (smartcard reader) and a program for PC. ... You can copy a sim card. ... > impression that it is practically impossible to copy a smart card. ... I know absolute security is an unknown ...
    (Pen-Test)
  • Re: OT TAN: POS Data Mining (was Re: Google at the Pump?!)
    ... Distracted Driver (Hector Goldstein)" ... With the systemwe have in place, we have an encryption key, but do ... and pay attention to how the cashier handles your card. ... security group, can review the videoat their convenience, looking ...
    (rec.autos.driving)