Engineers from IBM and the Swiss Federal Institute of Technology have come up with a method to duplicate vital information from a mobile phone in a matter of only 60 seconds. Before now, copying, or cloning, a handset typically took about eight hours.
BBC reports state that this duplicating of data would mean that the costs of making a call would be charged to the phone from which the information was copied, even if calls were made from another handset.
The researchers gained information about the numerical key a phone uses to uniquely identify its owner by watching how the chip inside the phone processes information. The team got clues about the unique ID number by timing how long the chip took to complete certain tasks and by measuring changing current flows across the chip. Taken together, information about the duration of tasks, and the voltage pattern they generated revealed what was being done to the numerical key.
The researchers report that chips can be protected against these attacks by making sure all computational tasks take the same amount of time or by changing the way that a chip carries out certain computations.
Mobile users can also protect themselves against the possibility of such an attack by ensuring they keep their phone with them and refusing to lend it to strangers. The four researchers - Josyula Rao, Pankaj Rohatgi, Helmut Scherzer from IBM and Stefan Tinguely from the Swiss Institute - will be presented at the 2002 IEEE Symposium on Security and Privacy being held in Oakland, California.