Security Exposures Found In GSM (Part 1)

There are risks that GSM (Global System for Mobile Communications) services(Mobile Network Pltform)  suffer from, real threats to Network Operators businesses, as many network operators rely on the integrity of the handset identification, IMEI (International Mobile Equipment Identity – in effect the handset electronic serial number) . But just how reliable is the IMEI?

By Alan Shirichena


At one point in time within the Zimbabwean market, Network Operators sold phones that were locked into a particular network meaning you could only register into that network alone and utilise their SIM (Subscriber Identity Module) alone.

That process meant locking the handset to the SIM by a given network provider, however this was easily overcome by reprogramming the IMEI which is the seed of the SIM lock. Alternately handset lock codes were readily reprogrammed , tools to allow anyone to do this are readily available for sale on the WWW (World Wide Web) for many types of phones.

The SIM to ME interface is a simple serial protocol, with no security protection. Information can be read and altered across the interface. Any service of a confidential or financial nature relying on this interface would be easily compromised.Confidentiality is of prime importance to both customer and service provider, both are concerned with the possibility that conversations could be illegally intercepted.

GSM uses authentication as a basic feature to validate that the phone is the true owner of the subscription(due to Ki in the SIM). This prevents ‘clonned SIM’ calls on the network. Protects both customer and network from ‘technical ‘ fraud.
The key “Ki” is essential to the security of GSM, it is the secret authentication key. KI stands for Key Indicator (encryption seed used in GSM/PCN and derivative systems call setup).

However, a so called false base station using GSM radio resources and a limited sub-set of call-protocols can cause the phone to transmit IMSI (International Mobile Station Identity – the SIM subscriber identity) and handset IMEI. Utilising call control software could actually support call set-up.

Without knowledge of the SIM Ki, the false base station would not be able to truly authenticate the SIM, and would force a protocol exchange with the handset to disallow encryption of the speech air i/f link. However to convince the phone user that all was well, an onward interconnect to the intended called party would need to be established.


To be continued……

Marvelous Chibagidhi

World Cup Brings Artificial Turf Technology To Life!

Previous article

University of Zimbabwe Holds ICT Projects Exhibition Today

Next article


Leave a reply

Your email address will not be published. Required fields are marked *