Specifications

Smart Cards Lab COMPGA12 University College London
14.5 An Embarrassing Discovery
If we follow the above steps and are able to run RUN GSM ALGORITHM on
SIM cards from a number of countries, the Kc keys obtained are typically
NOT random (!).
For example, depending on the card, the operator and the country, we
will see that, no matter how many times we try, certain bits of the key
will always be 0. Thus, many SIM cards in various countries have been
deliberately weakened to generate weaker keys, probably to make
GSM communications easier for the government to eavesdrop on.
To see this, just repeat the last RUN GSM ALGORITHM command and
change some bytes in the random challenge. Repeat several times.
You may write below the results obtained:
Remark 1. This fact is known among some well-informed security
professionals, but it is NOT generally known to the public in the
countries concerned...
Remark 2. In contrast, UK SIM cards typically have 64-bit keys.
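
One way to tabulate the results of the repeated RUN GSM ALGORITHM runs described above, as an added example that is not part of the original lab sheet. It assumes each response is the 12-byte SRES || Kc layout (4 + 8 bytes) with Kc read as a big-endian integer; the hex strings are constructed sample data and the function names are hypothetical.

```python
# Added example: find Kc bits that never change across RUN GSM ALGORITHM responses.
# Constructed sample data (not read from any real card): each entry is a 12-byte
# response, SRES (4 bytes) followed by Kc (8 bytes), hex-encoded. The first two Kc
# values are bitwise complements in their upper 54 bits, so no bit above the low
# 10 is constant by accident.
SAMPLE_RESPONSES = [
    "3F1A9C07A55AC33C0FF0A400",
    "D20B44E15AA53CC3F00F5800",
    "7788A0C51B7E904DE263CC00",
    "09E6B35DF4026DB1389A1000",
]
KC_BITS = 64
FULL_MASK = (1 << KC_BITS) - 1


def parse_kc(response_hex):
    """Return Kc as a 64-bit integer (big-endian) from an SRES||Kc response."""
    raw = bytes.fromhex(response_hex)
    if len(raw) != 12:
        raise ValueError(f"expected 12 bytes (SRES + Kc), got {len(raw)}")
    return int.from_bytes(raw[4:], "big")


def constant_bits(kcs):
    """Return (always_zero_mask, always_one_mask) over all collected keys."""
    if not kcs:
        raise ValueError("no keys collected")
    ever_one, always_one = 0, FULL_MASK
    for kc in kcs:
        ever_one |= kc
        always_one &= kc
    return (~ever_one) & FULL_MASK, always_one


def bit_positions(mask):
    """List set bit indices; bit 0 is the least significant bit of the last Kc byte."""
    return [i for i in range(KC_BITS) if (mask >> i) & 1]


def effective_key_bits(kcs):
    """Upper bound on key entropy: 64 minus the bits that never varied."""
    zero_mask, one_mask = constant_bits(kcs)
    return KC_BITS - bin(zero_mask | one_mask).count("1")


if __name__ == "__main__":
    keys = [parse_kc(r) for r in SAMPLE_RESPONSES]
    zero_mask, one_mask = constant_bits(keys)
    print("always-0 bits:", bit_positions(zero_mask))
    print("always-1 bits:", bit_positions(one_mask))
    print("effective key length <=", effective_key_bits(keys), "bits")
```

With n responses, a genuinely random bit still looks constant by chance with probability 2^(1-n), so collect a few dozen responses before concluding that a bit is fixed.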
© Nicolas T. Courtois 2009-10