German Researcher Discovers SIM Card Encryption Flaw Exposing Smartphones


News Posted: Mon, Jul 22 2013 10:03 AM
Cyber criminals are always on the hunt for ways to disrupt your digital life, and with mobile devices playing an increasingly important role in our day-to-day operations, you can bet they'll be paying attention to your tablet and smartphone. Speaking to the latter, a German security guru discovered a frightening flaw related to the encryption technology found in some SIM cards.

By exploiting the encryption hole, a remote attacker could easily figure out a SIM card's 56-digit key, and then use that key to send a virus to the SIM card through a simple text message. Karsten Nohl, founder of Security Research Labs, claims to have tested this out, saying he was then able to listen in on the caller, make purchases, and masquerade as the handset's owner, The New York Times reports. All that's required is a little know-how, a PC, and about two minutes' time.

"We can remotely install software on a handset that operates completely independently from your phone," Nohl said. "We can spy on you. We know your encryption keys for calls. We can read your SMS's. More than just spying, we can steal data from the SIM card, your mobile identity, and charge to your account."

Scary stuff, and according to Nohl, some 750 million phones could be vulnerable to this rather easy-to-exploit security hole. Phones affected are those that have SIM cards relying on the older D.E.S. (data encryption standard) protocol. Around 3 billion mobile phones use D.E.S. encryption, and while carriers have started using Triple D.E.S., many SIM cards still rely on the older standard.

(Update 7/22, 10:47AM: Headline changed to reflect exploit seen on some SIM cards but not all.)
  • | Post Points: 50
Not Ranked
Posts 1
Points 20
Joined: Jul 2013

Inaccurate headline. Shame on you.

Dave_HH replied on Mon, Jul 22 2013 10:54 AM

Headline correction made. The word "all" should not have been in there.

Editor In Chief
http://hothardware.com


  • | Post Points: 5
Top 150 Contributor
Posts 619
Points 5,260
Joined: Dec 2011

Why do Germans seem to be the ones constantly looking for and finding these bugs?

ajm531 replied on Tue, Jul 23 2013 1:24 AM

That's some scary stuff. I'm gonna go renew my SIM card. I'll be right back.......

digitaldd replied on Tue, Jul 23 2013 8:29 AM

MayhemMatthew:

Why do Germans seem to be the ones constantly looking for and finding these bugs?

 

The Chaos Computer Club is in Germany, world's largest hacking congress. They also put together a yearly gathering that makes Defcon seem tiny.

 

Things were so much easier when you could just clone an IMEI and phone number by using an EPROM burner.
