SIM card encryption exploit leaves mobile phone users vulnerable to hacking

Could grant hackers access to device location and SMS functions


A SIM CARD EXPLOIT that could leave millions of mobile phones vulnerable to hacking has been uncovered by German security firm Security Research Labs (SRL).

The research, which is due to be presented at the Black Hat security conference next week, has been detailed in a blog post by SRL founder and cryptographer Karsten Nohl, who said that the use of outdated 1970s cryptography could be exploited, granting hackers access to a device’s location and SMS functions.

In the blog post, Nohl explained that the 56-bit Data Encryption Standard (DES) algorithm used for many SIM cards’ signature verification is weak and outdated and thus “poses a critical hacking risk”.

The security researcher found that it was possible to exploit a SIM card’s SMS over-the-air (OTA) update system, which is built on Java Card, a subset of Java that allows applets to run on devices with very little memory.

“OTA commands, such as software updates, are cryptographically secured SMS messages, which are delivered directly to the SIM,” said a blog post on SRLabs.de.

“While the option exists to use state-of-the-art AES or the somewhat outdated 3DES algorithm for OTA, many (if not most) SIM cards still rely on the ’70s-era DES cipher.”

In an experiment, SRL sent an improperly signed binary SMS to a target device whose SIM used DES. The SIM refused to execute the code because the signature did not verify, but its error response contained the device’s cryptographic signature, a 56-bit private key. It was then possible to recover the key using common cracking techniques.

Nohl explained that with this key in hand, hackers are able to sign malicious software updates and send them to the device. The attacker is also able to download Java Card applets, send SMS messages, change voicemail numbers, and query location data.

“This allows for remote cloning of possibly millions of SIM cards including their mobile identity (IMSI, Ki) as well as payment credentials stored on the card,” Nohl added.

Nohl listed three ways that mobile phone manufacturers can defend users against this SIM vulnerability. The first is better SIM cards: ones that support state-of-the-art cryptography with sufficiently long keys, do not disclose signed plaintexts to attackers, and implement secure Java virtual machines.

The second protection Nohl recommended was an SMS firewall anchored in handsets. “Each user should be allowed to decide which sources of binary SMS to trust and which others to discard. An SMS firewall on the phone would also address other abuse scenarios including ‘silent SMS’,” Nohl said.

The final defence listed by Nohl was “in-network SMS filtering”, which would require filtering at the phone network level.
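As an added illustration of the handset-side SMS firewall and the network-side filtering Nohl describes (example code written for this page, not SRLabs’ or any vendor’s tool), here is a minimal policy that classifies an incoming SMS by its GSM 03.40 header fields and lets only allow-listed sources reach the SIM. The TP-PID and TP-DCS values are taken from that specification as assumed here, and all sample messages and sender numbers are constructed.

```python
from dataclasses import dataclass

# TP-PID / TP-DCS constants from GSM 03.40 (spec values, assumed; not from the article)
PID_SIM_DATA_DOWNLOAD = 0x7F  # message addressed to the SIM: the OTA envelope path
PID_TYPE_0 = 0x40             # "silent SMS": acknowledged by the handset, never shown

@dataclass
class Sms:
    sender: str    # originating address (short code or number); constructed in samples
    pid: int       # TP-Protocol-Identifier
    dcs: int       # TP-Data-Coding-Scheme
    has_udh: bool  # user-data header present (port-addressed binary payloads)

def is_eight_bit(dcs: int) -> bool:
    """True when the DCS marks the payload as raw 8-bit data rather than text."""
    group = dcs >> 4
    if group <= 0x3:            # general coding group: bits 3..2 == 01 means 8-bit
        return (dcs >> 2) & 0x3 == 0x1
    if group == 0xF:            # data coding/message class group: bit 2 set means 8-bit
        return bool(dcs & 0x4)
    return False

def message_class(dcs: int):
    """Return the message class (0..3) when the DCS carries one, else None."""
    group = dcs >> 4
    if group == 0xF or (group <= 0x3 and dcs & 0x10):
        return dcs & 0x3
    return None

def classify(msg: Sms) -> str:
    """Bucket a message by the header fields an OTA envelope or silent SMS relies on."""
    if msg.pid == PID_SIM_DATA_DOWNLOAD or message_class(msg.dcs) == 2:
        return "ota"          # class 2 / SIM download: the channel the DES attack rides on
    if msg.pid == PID_TYPE_0:
        return "silent"
    if msg.has_udh or is_eight_bit(msg.dcs):
        return "binary"
    return "text"

def decide(msg: Sms, trusted_ota_senders: set) -> tuple:
    """Firewall policy: only allow-listed sources may reach the SIM; silent SMS is dropped."""
    kind = classify(msg)
    if kind == "ota":
        return ("deliver" if msg.sender in trusted_ota_senders else "drop", kind)
    if kind == "silent":
        return ("drop", kind)
    if kind == "binary":
        return ("ask_user", kind)  # let the user decide, as Nohl proposes
    return ("deliver", kind)
```

The same `decide` function can run in an operator’s SMS centre with the allow-list holding the operator’s own OTA platforms, which is the in-network variant of the filter.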
