The Wall Street Journal, April 13, 1998, pp. A3, A12.

Flaw Is Found in Digital Phone System That May Let Hackers Get Free Service
By Jared Sandberg

Computer-security engineers said they have found a weakness in the world's most pervasive digital cellular phone technology, a flaw some fear could eventually allow unscrupulous hackers to obtain free service by impersonating legitimate customers.

A software developer and two graduate students said they can extract key security information from so-called GSM digital cellular phones, a technology in use by almost 80 million people world-wide. The breach is notable because such phone systems, unlike older analog cellular networks, were believed to be practically tamperproof.

The security information is contained in a "subscriber identification module," or SIM card, a credit card-like device inserted into digital cellular phones that identifies each customer to the telephone system. The engineers said they could copy the card and store its information on a computer or a device as simple as a hand-held electronic organizer. When the computer is connected to a phone, the cellular network believes it is being used by an authentic customer.

Key Unlocks Security

"Once you've recovered the key, all of the security in the system has been compromised," said one of the security experts, David Wagner, a 23-year-old graduate student at the University of California at Berkeley. "What else will be found if other people looked at it?"

But some industry observers said the weakness will have negligible impact. The three experts haven't found a way to extract the security codes as they are being transmitted through the airwaves from a telephone to the network -- the "cloning" problem of analog phone systems -- though such a system may someday be devised. Instead, their technique requires that they be in possession of a SIM card.

"It doesn't damage the integrity of the system nor does it put customers or operators at risk," said George Schmitt president of Omnipoint Communications Inc., one of this country's GSM operators.

Still, cryptography experts at universities make a sport of cracking some of the most popular technologies. Microsoft Corp., Netscape Communications Corp. and Sun Microsystems Inc. have all been strafed by campus cryptographers. "There's a lot of glee at poking holes in the overblown statements" of corporations, said Eric Hughes, founder of Simple Access Inc., an electronic-commerce company in San Francisco that hosted the announcement by the three who cracked the GSM code.

Track Record of Poking Holes

The latest hacking handiwork marks at least a hat trick for Mr. Wagner and his cohort Ian Goldberg, who have become famous for cracking purportedly secure code. In the fall of 1996, the duo discovered a flaw in the technology of Netscape's Web browser software that protects the privacy of credit-card purchases. Then Mr. Goldberg followed by breaching the relatively weak encryption code that the U.S. government lets companies export.

Marc Briceno, 36 years old, director of the Smart Card Developers Association, which represents companies that write software for cards similar to those used in GSM phones, began trying to piece together one of the GSM technology's secret algorithms in January. Mr. Briceno received a document detailing part of the so-called COMP128 algorithm that had been leaked by a researcher, he said.

After spending several months filling the holes in the algorithm, he took it to Messrs. Wagner and Goldberg. Within two hours, the two had found a flaw in the algorithm, and they developed software that would challenge the algorithm to see if it could produce other keys to the security system. Using a computer and a jerry-built smart-card reader, they discovered that they could challenge the algorithm and deduce a cryptographic key. That would allow them to use a handheld computer to emulate the subscriber identification module and place calls with it.

The engineers didn't rule out that their technique could lead someone to devise a device that would steal this information from the airwaves, so that having the card in the first place wouldn't be necessary.

On Saturday, the engineers gathered in San Francisco to demonstrate their findings. But, said Mr. Briceno: "We have been informed by counsel that mere possession of this software might be a federal offense. Unfortunately, there will be no demo today."