Comments From: Felix von Leitner (leitner@math.fu-berlin.de) 27Apr98

GERMANY: COMPUTER HACKERS COPY MANNESMANN MOBILE PHONE SIM CARD. Members of the Chaos Computer Club have succeeded in finding a weak spot in the mobile telecoms network D2. They were able to duplicate a D2 SIM card and thus gain access to the digital mobile telecoms network D2. More than four million people use the D2 network, which is operated by Mannesmann Mobilfunk GmbH (Duesseldorf). Mannesmann said that the cloning poses no significant security risk to clients. In order to clone a SIM card, the hackers had to have both a copy of the original SIM card for at least 11 hours and know the PIN number. Scientists at the University of California and the Smartcard Developers Association in the USA already reported weaknesses in smaller mobile telecoms networks at the beginning of April which work on the same GSM standard as the German networks D1, D2 and E-Plus.

This is of course bullshit. If they used the same standard, they would all be vulnerable. As a member of the CCC I can clarify a little here. D2 is the only German network using COMP128 right now, which is the GSM reference encryption algorithm. What we did is "simply" implement the attack outlined by Ian Goldberg et al. from Berkeley. And we made the necessary software available on www.ccc.de, and there are blueprints for useful hardware. The PIN is not an issue because evil mobile dealers can sell cloned phones now. Our GSM guy says that there are only three networks that are known not to use COMP128 right now, and two of them are in Germany, obviously.

For those who speak German, there is a nice round-up on http://www.ccc.de/D2Pirat/index.html and you can download the software there, too. There are pictures of the equipment there, too, that look quite cool ;)

What we demonstrated was that you can get the PIN from the "secure" envelope without traces and that you can use the attack from Goldberg to get the secret key from the card in about 11 hours without overclocking the card or tricks like that. The URL to Goldberg's method was already posted on ISN I believe. And we showed that the clone and the original can check into the D2 GSM network at the same time; they just can't place calls simultaneously without error messages. This all is of course still very useful to criminals who need anonymous phones.

BTW: D2 put out some of the typical press blah like "no real damage", "only theoretical attack", "same problem as when you lose your card", stuff like that ;)

What remains to be seen is whether the other German mobile carriers use better or just different algorithms.

Felix