We know those tiny gold chips hidden inside our phones that hold the key to our dearest gems. Phone numbers, account numbers, passwords, games, and the irreplaceable pictures from way back when. Research has shown that millions of SIM cards in use today are vulnerable to being hacked. These memory bites are susceptible to being cloned remotely, or even have the voice mail numbers changed in the blink of an eye.
These cards are vulnerable from a Seventies-era cipher that are being used worldwide, according to Security Research Labs. Karsten Nohl from Security Research Labs states, “With over seven billion cards in active use, SIMs may well be the most widely used security token in the world.”
The hacked SIM cards, allow spying, encryption keys for calls, SMSs being read, and mobile identity. There are over six billion cellphones being used today, and not everyone is updated with a smartphone that doesn’t use a SIM card.
The outdated SIM cards have a Data Encryption Standard (DES encryption) which is an algorithm for the encryption of electronic data. Nohl tested 1,000 SIMs in the time-frame of two years and found that 1/4 of those were vulnerable.
Java Applets
When the software updates, cryptographic-secured SMS messages- that use Java software, pose a “critical hacking risk”. – Karsten NohlSo the hackers would send a neglected signed OTA command with the SIM cards responding as a cryptographic signature which is then resolved to a 56-bit key on the computer. This is how the attacker installs the Java applets. The Java applet can then break out out and access the rest of the card. Newer cards are being designed to protect such attacks from happening, networks and handsets are getting on board with these defense techniques.
References:
“Hugely significant” SIM card vulnerability leaves millions of cellphones at risk – We Live Security
http://www.welivesecurity.com/2013/07/22/hugely-significant-sim-card-vulnerability-leaves-millions-of-cellphones-at-risk/
July 22, 2013
Data Encryption Standard – Wikipedia
http://en.wikipedia.org/wiki/Data_Encryption_Standard
Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet, “Like” us on Facebook or add us to your circle on Google+
No comments:
Post a Comment