750 million phones could be vulnerable in massive SIM security flaw
Karsten Nohl, the founder of German firm Security Research Labs, discovered that sending a fake carrier message to a phone prompted an automated response from 25 percent of DES SIMs that revealed the cards' 56-bit security key. With that key in hand, Nohl was able to send a virus to the SIM with a text message. The virus allowed him to impersonate the phone's owner, intercept text messages, and even make carrier payments. The New York Times cites Nohl as claiming that the entire operation takes "about two minutes" using a regular PC.
Over the past two years, Nohl has tested his method on around 1,000 cards across North America and Europe. DES is used in around three billion mobile SIMs worldwide, of which Nohl estimates 750 million are vulnerable to the attack. Many carriers use SIMs with the stronger triple-DES encryption method, which are not susceptible to Nohl's method, and DES in general has been phased out in favor of AES (Advanced Encryption Standard).
The flaw has been disclosed to the GSMA, an association made up of mobile operators and other companies in the field that oversees the deployment of GSM networks. The GSMA has informed SIM manufacturers and other companies involved of the situation, who are all analyzing how to best deal with the flaw. With the "responsible disclosure" taken care of, Nohl will detail his attack method at the Black Hat security conference on August 1st. He also plans to publish a "comparative list" detailing the SIM card security of each mobile carrier in December. Hopefully by then the at-risk operators will have taken the necessary steps to neutralize the vulnerability.
Source: http://www.theverge.com/2013/7/21/4542782/sim-card-des-security-flaw-security-research-labs
Comments
slapshot101 Posted:
That sucks. I am on a GSM network phone; I hope I am not one of the ones affected. But this is a serious problem if it can be done with a regular PC. It's not a shock that people found a hack to the phones though.
Katsumi Posted:
Mortar This is horrible news, it was at least somewhat of a relief that remote hackers lurked mainly on computers, but this could be quite dangerous.
Well, seeing that 750 million people are affected by this, it's a pretty big issue; I could see at least a small percentage of them being affected.
TaigaAisaka Posted:
varMortar This is horrible news, it was at least somewhat of a relief that remote hackers lurked mainly on computers, but this could be quite dangerous.
I hope my phone is not vulnerable
What I want to know is if it matters if the SIM card is activated or not. Mine isn't activated (it's still in my phone though) but I connect my iPhone 5 to my WiFi and I'm able to call and text no problem.
DMNDS Posted:
varMortar This is horrible news, it was at least somewhat of a relief that remote hackers lurked mainly on computers, but this could be quite dangerous.
I hope my phone is not vulnerable
I hope mine doesn't either
IlIuminati Posted:
Mortar This is horrible news, it was at least somewhat of a relief that remote hackers lurked mainly on computers, but this could be quite dangerous.
I hope my phone is not vulnerable
Mortar Posted:
This is horrible news, it was at least somewhat of a relief that remote hackers lurked mainly on computers, but this could be quite dangerous.