Quiz Entry - updated: 2026.07.05
Beyond the IMSI catcher, what attacks target the GSM session key and the SIM card itself?
The 64-bit (really 54-bit) session key Kc has a tiny keyspace and is rarely renewed; COMP128 collision attacks recover Ki in hours via a card reader; and a side-channel attack measuring SIM power/EM emissions extracts Ki in minutes with just seven COMP128 computations.
Session-key weaknesses:
- Kc is only 64 bits (54 effective) — a short keyspace
- The key is renewed only per MSC policy — often only after several days
- Encryption uses a sequential frame number, not a random value — predictable
Attacks on the secret key Ki:
- COMP128 collision attack: because the effective key is only 54 bits, a collision attack costs only O(2¹⁸) (birthday paradox) — the secret Kc/Ki falls quickly
- SIM cloning via card reader: remove the SIM, issue fake authentication requests with a reader and software; Ki is typically cracked within a few hours (implementations like the comp128 tool on GitHub exist)
- Side-channel attack: with physical access to the SIM, measure power consumption and EM emissions during COMP128. Only seven COMP128 computations are needed → Ki read out in minutes (Zhou et al.)
Encryption breaks: A5/1 is breakable in real time (O(2⁴⁰)); A5/3 is O(2⁶⁴).
The recurring lesson: small keys + weak algorithm + physical access to the SIM = the master secret is not safe. And remember: even when working, GSM encryption only covers the MS↔BTS hop.
Go deeper:
COMP128 (Wikipedia) — the diffusion flaw behind the collision attack that recovers Ki from the SIM via a card reader, and why the small key makes it cheap.
pmoerenhout/comp128 (GitHub) — a working implementation of COMP128-1/-2/-3 (the A3/A8 functions): exactly the kind of "comp128 tool" referenced above, so you can see RAND + Ki → SRES + Kc computed in code.