COMP128v1 Mass Exploitation (2013)

Background

COMP128v1 is a cryptographic algorithm used for GSM authentication on SIM cards. Despite known weaknesses published in 1998, many operators continued using it well into the 2010s. In 2013, practical exploitation tools became widely available, leading to mass SIM cloning operations.

Discovery

Security researchers demonstrated practical attacks against COMP128v1 at security conferences in 2013. The release of open-source tools made these attacks accessible to criminal groups, leading to large-scale exploitation across multiple countries and operators.

Scope

The vulnerability affected millions of SIM cards globally, particularly in developing markets where operators were slower to upgrade to more secure algorithms. The exploitation resulted in massive telecommunications fraud and unauthorized network access.

Vulnerability

Mathematical weakness in COMP128v1 algorithm allowing Ki key extraction

• Chosen-plaintext attack using carefully crafted RAND challenges
• Exploits collision properties in the compression function
• Allows extraction of the secret Ki key from the SIM card
• Requires physical access to SIM card and smart card reader

Attack Method

Extraction Time

The complete Ki key can be extracted in 8-16 authentication rounds, typically taking only a few minutes with the right equipment. This makes the attack practical for large-scale operations.

Impact Scope

Complete compromise of SIM authentication allows attackers to make calls, send SMS, and access data services as the legitimate subscriber, resulting in massive fraud and privacy violations.

Key Lessons

• Legacy cryptographic algorithms pose ongoing security risks
• Need for proactive algorithm lifecycle management
• Importance of timely security updates and migrations
• Physical security of SIM cards remains critical
• Industry coordination essential for security improvements

Preventive Measures