Comments From: Felix von Leitner (leitner@math.fu-berlin.de)

27Apr98 GERMANY: COMPUTER HACKERS COPY MANNESMANN MOBILE PHONE SIM CARD.

Members of the Chaos Computer Club have succeeded in finding a weak spot
in the mobile telecoms network D2. They were able to duplicate a D2 SIM
card and thus gain access to the digital mobile telecoms network D2.

More than four million people use the D2 network which is operated by
Mannesmann Mobilfunk GmbH (Duesseldorf). Mannesmann said that the cloning
poses no significant security risk to clients. 

In order to clone a SIM card, the hackers had to have both a copy of the
original SIM card for at least 11 hours and know the PIN number. 
Scientists at the University of California and the Smartcard Developers
Association in the USA already reported weaknesses in smaller mobile
telecoms networks at the beginning of April which work on the same GSM
standard as the German networks D1, D2 and E-Plus. 


This is of course bullshit.  If they used the same standard, they would
all be vulnerable.  As a member of the CCC I can clarify a little here.
D2 is the only German network using COMP128 right now, which is the GSM
reference encryption algorithm.  What we did is "simply" implement the
attack outlined by Ian Goldberg et al. from Berkeley.  And we made the
necessary software available on www.ccc.de, and there are blueprints for
useful hardware.  The PIN is not an issue because evil mobile dealers
can sell cloned phones now.

Our GSM guy says that there are only three networks that are known not
to use COMP128 right now, and two of them are in Germany, obviously.

For those who speak German, there is a nice round-up on

  http://www.ccc.de/D2Pirat/index.html 

and you can download the software there, too.  There are pictures of the
equipment there, too, that look quite cool ;)

What we demonstrated was that you can get the PIN from the "secure"
envelope without traces and that you can use the attack from Goldberg to
get the secret key from the card in about 11 hours without overclocking
the card or tricks like that.  The URL to Goldberg's method was already
posted on ISN I believe.  And we showed that the clone and the original
can check into the D2 GSM network at the same time, they just can't
place calls simultaneously without error messages.  This all is of
course still very useful to criminals who need anonymous phones.

BTW: D2 put out some of the typical press blah like "no real damage",
"only theoretical attack", "same problem as when you lose your card",
stuff like that ;)

What remains to be seen is whether the other German mobile carriers use
better or just different algorithms.

Felix