Millions of SIM cards vulnerable to hack attack
Millions of mobile phone SIM cards are vulnerable to hack attacks, according to new warnings from security experts.
Karsten Nohl, security researcher for SR Labs, has said that the seven billion SIM cards in active use globally are vulnerable to over-the-air (OTA) updates deployed via SMS, which can modify a phone to send premium text messages or record your phone calls.
The problem lies in the way many SIM cards still rely on the DES cipher to authenticate OTA updates, which was originally created in the 1970s. DES keys can be cracked if an attacker sends a binary SMS to a target device. The SIM does not execute the improperly signed OTA command, but does in many cases respond to the attacker with an error code carrying a cryptographic signature.
Using a technique known as a rainbow table, the cracker can resolve this plaintext-signature to a 56-bit DES key “within two minutes” on a standard computer.
The cracked DES key enables an attacker to send properly signed binary SMS, which download Java applets onto the cracked SIM.
If you use a SIM that’s more than a few years old, it may be wise to ask your carrier to provide you with a new one, as it's currently unclear whether this vulnerability can be patched.
Category: Business Tech, Sim card hack, Technology, Technology News
.jpg)
0 comments