AmigaActive (966/1947)

From: Stephen Webber
Date: 18 Apr 2001 at 21:50:52
Subject: Re: Phone Hoax E-mail

Hi Anthony

On 17-Apr-01, you wrote:

> Richard Friend. On Tue, 17 Apr 2001 you wrote:

>> Is it not possible to clone a sim card? I know it used to be!
>> I may be wrong, of course!

> You're probably thinking about Cloning of the old ETACS standard (which
> didn't have sim cards). With simple equipment you could pull the required
> information out of the air and clone a handset to believe it was another,
> because the handset ESN was sent as a burst of tones and could easily be
> decoded. That was one of the reasons behind the move to the GSM standard.

Correct. They were also very easily monitored by using a radio scanner.

> I'm sure Stephen will give you a far more in-depth answer than I (and correct
> my errors), but gathering any information in this way from a GSM network is
> virtually impossible as the handsets use encryption and timeshare with each
> other to maximise bandwidth usage, and as mobile phones are, urm, mobile, the
> timing of packets of data can vary within a short time if the user is in a
> car or on a train.

Yes and no. Yes, the handsets use encryption, but the fact that they share (up
to) 8 digital channels per frequency is merely better use of capacity. To
clone a SIM card, you would need far more information than is sent over the air
at once. For example, most people know about the MSISDN (Mobile Station
Integrated Services Digital Network) or phone number. But equally important is
your IMSI (International Mobile Subscriber Identity) which is only ever
broadcast when you turn your phone on, and not at the same time as your MSISDN.
Thereafter, the network allocates you a TMSI, or Temporary Mobile Subscriber
Identity which is used instead of your IMSI, and changes periodically. You
need MSISDN and IMSI, plus a few other things which I won't go into in case
people start getting ideas (go read the ETSI specs if you are really desperate
to know), and the MSISDN and IMSI are never sent together.

> Actually it amazes me that they connect at all. Oh wait a minute, one2one
> handsets don't :0)

No comment :-)

> I understood the weakest point in the system was the potential to intercept
> point to point microwave transmissions between the network infrastructure,
> and I think you'd have to be pretty game to try that :)

Don't try this one, kids.

These words are mine, and NOT those of my employer!

Regards



Stephen Webber
stephen@cold-fusion.demon.co.uk

"When my kids become wild and unruly, I use a nice, safe playpen. When they're
finished, I climb out."
- Erma Bombeck
