Guru3D.com
  • HOME
  • NEWS
    • Channels
    • Archive
  • DOWNLOADS
    • New Downloads
    • Categories
    • Archive
  • GAME REVIEWS
  • ARTICLES
    • Rig of the Month
    • Join ROTM
    • PC Buyers Guide
    • Guru3D VGA Charts
    • Editorials
    • Dated content
  • HARDWARE REVIEWS
    • Videocards
    • Processors
    • Audio
    • Motherboards
    • Memory and Flash
    • SSD Storage
    • Chassis
    • Media Players
    • Power Supply
    • Laptop and Mobile
    • Smartphone
    • Networking
    • Keyboard Mouse
    • Cooling
    • Search articles
    • Knowledgebase
    • More Categories
  • FORUMS
  • NEWSLETTER
  • CONTACT

New Reviews
Guru3D Rig of the Month - February 2021
ASUS GeForce RTX 3060 STRIX Gaming OC review
EVGA GeForce RTX 3060 XC Gaming review
MSI GeForce RTX 3060 Gaming X TRIO review
PALIT GeForce RTX 3060 DUAL OC review
ZOTAC GeForce RTX 3060 AMP WHITE review
Fractal Design Meshify 2 Compact chassis review
Sabrent Rocket 4 PLUS 2TB NVMe SSD review
MSI Radeon RX 6900 XT GAMING X TRIO review
Guru3D Q1 Winter 20/21 PC Buyer Guide

New Downloads
Guru3D RTSS Rivatuner Statistics Server Download 7.3.0 Final
Media Player Classic - Home Cinema v1.9.10 Download
GeForce 461.72 WHQL driver download
AIDA64 Download Version 6.32.5640 beta
CrystalDiskInfo 8.11.2 Download
AMD Radeon Adrenalin Edition 21.2.3 driver download
GPU-Z Download v2.37.0
Intel HD graphics Driver Download Version: DCH27.20.100.9313
HWiNFO Download v6.43 - 4380 Beta
AMD Radeon Adrenalin Edition 21.2.2 driver download


New Forum Topics
NVidia Anti-Aliasing Guide (updated) New Agesa 1.2.0.1 Fixes L3 Cache Performance & Includes Improvements For Ryzen 5000 CPUs Download: Guru3D RTSS Rivatuner Statistics Server 7.3.0 Final RTSS 6.7.0 beta 1 Any way to "Half-Refresh V-Sync" with AMD GPUs? Thanks! Review: MSI GeForce RTX 3060 Gaming X TRIO GeForce 461.72 WHQL drivers: download & discussion WDDM 3.0 / 465.51 New Upcoming ATI/AMD GPU's Thread: Leaks, Hopes & Aftermarket GPU's New AMD Radeon drivers - how to save monitor profiles?




Guru3D.com » News » Major SIM Card Security Flaw Uncovered

Major SIM Card Security Flaw Uncovered

by Hilbert Hagedoorn on: 07/26/2013 06:41 AM | source: | 4 comment(s)
Major SIM Card Security Flaw Uncovered

Karsten Nohl, founder of Security Research Labs in Berlin, told the New York Times on Sunday that he has discovered a flaw in the encryption technology used in some SIM cards. This vulnerability could allow hackers to eavesdrop on the device owner while in a call, make purchases through mobile payment systems, and possibly even impersonate the device owner.

Around 750 million devices could be vulnerable to attacks thanks to this flaw. According to the paper, the newly discovered encryption hole allows the attacker to obtain the SIM card's 56-digit key. Nohl said that he was able to acquire a key by sending the target device an SMS using a false signature for the device's wireless carrier.

Typically, both the device and wireless carrier verify their identities by comparing digital signatures. If a device recognizes a false signature, it will end transmission. Nohl said that 75 percent of the messages he sent to cellphones recognized the fake signature and immediately ended transmission. However, the other 25 percent broke off communication as well, but they also sent error messages back to Nohl that included their own encrypted digital signatures. That was enough information for Nohl to derive the SIM card's encryption key.

Thus with the correct key in hand, Nohl proceeded to send a virus to the SIM card using a text message. This virus allowed him to perform the hacks as previously stated: eavesdropping, making purchases and so on. He was able to gain access to the device in just two minutes using a PC.







« TCL HDTVs 50-inch 4K model for a very cheap $999 · Major SIM Card Security Flaw Uncovered · Battlefield 4 gets DX11.1; DX11.1 Will Improve CPU Performance »

Speed Weed
Senior Member



Posts: 1066
Joined: 2011-12-04

#4626432 Posted on: 07/26/2013 06:50 AM
Unfortunately, he doesn't appear to have pointed the finger at any provider in particular.
Just hoping that my PAYG setup won't be affected too badly.

War child
Senior Member



Posts: 329
Joined: 2013-01-03

#4626464 Posted on: 07/26/2013 08:46 AM
If I remember correctly. This affects older sim cards and about 500,000 estimated are still using this particular sim card.

HeavyHemi
Senior Member



Posts: 6956
Joined: 2008-10-27

#4626469 Posted on: 07/26/2013 09:08 AM
If I remember correctly. This affects older sim cards and about 500,000 estimated are still using this particular sim card.


"Nohl said in an interview Tuesday that 500 million phones, regardless of make, could be vulnerable, based on his sample of 1,000 SIM cards from a variety of operators, mostly in Europe."

http://www.networkworld.com/news/2013/072413-sim-card-vulnerabilities-easy-to-272135.html

Truder
Senior Member



Posts: 1362
Joined: 2007-01-16

#4627041 Posted on: 07/27/2013 01:54 PM
Techincally speaking this is not new as sim-card cloning had been a problem about 15 years ago but the difference now is that it's being done wirelessly, before it had to be done with a phone that was somewhat insecure. The Ericsson A1018s was one of the key phones that allowed for simcard cloning however this flaw had been fixed with a new generation of sim cards.

I believe this new technique used is probably only owkring on the same old generation of sim cards as the article would seem to suggest.

I actually remember a friend and an acquaintance of mine who both were the targets of sim card cloning, my friend being on payg found that his credit had been totally drained usually about an hour after he "topped-up" so he had to contact Orange who helped him through the matter, as for the acquaintance, she was on contract and ended up with a huge bill, all I know is, it had to go to court for her.

Post New Comment
Click here to post a comment for this news story on the message forum.


Guru3D.com © 2021