Engineers from IBM and the Swiss Federal Institute of
Technology have come up with how to duplicate vital information from a mobile
phone in a matter of only 60 seconds. Before now, copying or cloning a handset
typically took about eight hours.
BBC reports state that this duplicating of data would mean
that the cost of making a call etc. would be charged to the phone from which the
information was copied, even if calls were made from another handset.
The researchers gained information about the numerical key a
phone uses to uniquely identify its owner by watching how the chip inside the
phone processes information. The team got clues about the unique ID number by
timing how long the chip took to complete certain tasks and by measuring
changing current flows across the chip. Taken together, information about the
duration of tasks, and the voltage pattern they generated revealed what was
being done to the numerical key.
The researchers report that chips can be protected against
these attacks by making sure all computational tasks take the same amount of
time or by changing the way that a chip carries out certain computations.
Mobile users can also protect themselves against the
possibility of such an attack by ensuring they keep their phone with them and
refusing to lend it to strangers. The four researchers - Josyula Rao, Pankaj
Rohatgi, Helmut Scherzer from IBM and Stefan Tinguely from the Swiss Institute -
will be presented at the 2002 IEEE Symposium on Security and Privacy being held
in Oakland, California, US on the third week of May.