LOGBOOK

HELP

Quiz Entry - updated: 2026.07.05

Beyond the IMSI catcher, what attacks target the GSM session key and the SIM card itself?

The 64-bit (really 54-bit) session key Kc has a tiny keyspace and is rarely renewed; COMP128 collision attacks recover Ki in hours via a card reader; and a side-channel attack measuring SIM power/EM emissions extracts Ki in minutes with just seven COMP128 computations.

Session-key weaknesses:

  • Kc is only 64 bits (54 effective) — a short keyspace
  • The key is renewed only per MSC policy — often only after several days
  • Encryption uses a sequential frame number, not a random value — predictable

Attacks on the secret key Ki:

  • COMP128 collision attack: because the effective key is only 54 bits, a collision attack costs only O(2¹⁸) (birthday paradox) — the secret Kc/Ki falls quickly
  • SIM cloning via card reader: remove the SIM, issue fake authentication requests with a reader and software; Ki is typically cracked within a few hours (implementations like the comp128 tool on GitHub exist)
  • Side-channel attack: with physical access to the SIM, measure power consumption and EM emissions during COMP128. Only seven COMP128 computations are needed → Ki read out in minutes (Zhou et al.)

Encryption breaks: A5/1 is breakable in real time (O(2⁴⁰)); A5/3 is O(2⁶⁴).

The recurring lesson: small keys + weak algorithm + physical access to the SIM = the master secret is not safe. And remember: even when working, GSM encryption only covers the MS↔BTS hop.

Go deeper:

  • doc COMP128 (Wikipedia) — the diffusion flaw behind the collision attack that recovers Ki from the SIM via a card reader, and why the small key makes it cheap.
  • tool pmoerenhout/comp128 (GitHub) — a working implementation of COMP128-1/-2/-3 (the A3/A8 functions): exactly the kind of "comp128 tool" referenced above, so you can see RAND + Ki → SRES + Kc computed in code.

From Quiz: MOBINFSEC / GSM & LTE Security Infrastructure | Updated: Jul 05, 2026