1 min read

SIM Cards Vulnerable to Hacking; Millions of Phones Possibly Affected

Loredana BOTEZATU

July 23, 2013

Promo Protect all your devices, without slowing them down.
Free 30-day trial
SIM Cards Vulnerable to Hacking; Millions of Phones Possibly Affected

Outdated encryption standard may cripple millions of phones and make them vulnerable to spying, a cryptographer with Security Research Labs intends to demonstrate at the Black Hat security conference in Las Vegas.

Security Researcher Karsten Nohl managed to make a SIM card reveal its location and grant him access to some of the handset functions.

Of the approximate 7 billion SIM cards worldwide, many still use DES (Data Encryption Standard), a weak encryption standard from 1970s that presents no problem for a techie seeking the private key used to sign content encrypted with DES.

To extract a DES over-the-air (OTA) key, the researcher sent a binary SMS to the targeted device. “The SIM does not execute the improperly signed OTA command, but does in many cases respond to the attacker with an error code carrying a cryptographic signature, once again sent over binary SMS. A rainbow table resolves this plaintext-signature tuple to a 56-bit DES key within two minutes on a standard computer,” the researcher explains in a blog post.

With the operator`s private key in hand, someone can send properly signed binary SMSs to write malicious firmware updates over the air, push fake updates, force devices to run malicious or dangerous applications, and ask for the location of the phone.

In response, the GSM Association, a mobile communication trade group said “there is no evidence to suggest that today’s more secure SIMs, which are used to support a range of advanced services, will be affected,” implying that only a limited number of old encryption standards are vulnerable to spying.

tags


Author


Loredana BOTEZATU

A blend of product manager and journalist with a pinch of e-threat analysis, Loredana writes mostly about malware and spam. She believes that most errors happen between the keyboard and the chair.

View all posts

You might also like

Bookmarks


loader