This week Steve Lord, consultant, X-Force Security Assessment Services for Internet Security Systems, argues that, while some functions of GSM offer impressive levels of security, others should not be trusted.
Mobile phones, mostly based on GSM technology, are everywhere. But what users may not realise is that many of the security technologies GSM relies on have flaws, and these could help people clone your SIM card, track you as you use your phone, or even send fake text messages.
The algorithm most commonly used to authenticate users on a GSM network is known as COMP128, which was broken by David Wagner and Ian Goldberg in less than a day.
After spotting several flaws in the algorithm, they went on to prove that it was possible to obtain the information necessary to clone a SIM, although it requires possession of the SIM for about eight hours.
Underground hacking tools, freely available on the internet, make this feasible.
These tools require a SIM card reader in order to extract the information that uniquely identifies the subscriber. It is then possible to write the information to other cards, effectively cloning the SIM.
By making some modifications to a SIM card reader the time required to clone a SIM drops significantly, but there is a higher risk of destroying the original SIM.
These particular problems with COMP128 had been known for years, and very little had been done to fix them until IBM researchers discovered a way to clone SIMs in a few seconds.
Then new versions of COMP128 were finally released. These fixed the issues surrounding cloning for now, although the majority of SIMs in circulation still use the original COMP128 algorithm.
In order to avoid casual eavesdropping, a cryptographic mechanism known as A5 is used to encrypt communications between the handset and the base station.
Different versions of the A5 algorithm are used in different countries. The two most common versions (A5/1 and A5/2) were found to be fundamentally flawed.
In fact, A5/2 took researchers less than a day to crack, although information about the methods used was never formally published.
Biryukov, Shamir and Wagner also discovered three possible attacks on A5/1 that would yield effective results and could be achieved on a modern PC in seconds.
It should be noted that, at the time this work was carried out, the equipment used was prohibitively expensive.
But the hardware costs have significantly reduced over time and today the equivalent system could be created for less than $40,000, placing it well within the budgets of organised criminals or those interested in industrial espionage.
One of the lesser-known features of GSM is the ability to fix a subscriber's location. Although many people are unaware of it, it is possible to locate handsets to within metres in some cases.
Every GSM network has the required functionality, and the location information the network maintains on subscribers is automatically updated.
In areas with a high density of users, such as between London's Piccadilly Circus and Leicester Square, the operator, or appropriate government agency, can track individual subscribers to a resolution of several hundred metres.
On the other hand, in rural Scotland the situation is quite different: with far fewer base stations, locating an injured person on a Scottish mountainside requires further calculation to pinpoint them with any accuracy.
SMS is a huge source of revenue for operators and is generally trusted by end-users who are unaware of the vulnerabilities within SMS.
Subscribers choose to conduct business communications, disclose passwords and receive reports from systems using this insecure mechanism.
It is a trivial task to forge the originating address of an SMS and send flash messages to certain phones that display no information about the sender (or indeed any indication that it is an SMS rather than an internal message).
To test this, my colleagues sent text messages instructing friends to do various things, such as turning off their mobile phone for 30 minutes.
In all cases, the recipients of the message did as they were told. People relying on SMS-based applications should take note that the last message they received regarding their balance may not have come from their bank.
Over the next few years, we expect to see GSM interception being used in organised crime, if it isn't already. Businesses concerned about the risks of insecure communication should consider using alternatives such as Terrestrial Trunked Radio (Tetra) or secondary voice encryption technology like PGPPhone or SpeakFreely.
All the commonly used encryption mechanisms have proved vulnerable, so mobiles should never be trusted when communicating confidential information.
Location tracking facilities may raise privacy concerns. We advise switching phones off where this is an issue.
SMS is untrustworthy, and end-users should always confirm the contents of an SMS if deemed important.
Overall, whilst some functions of GSM offer impressive levels of security, others should not be trusted. Businesses should bear this in mind when using GSM phones for confidential purposes.