Kingston KC3000 PCIe 4.0 M.2 NVMe review
EnGenius ECS2512FP. 8-port 2.5G Cloud Switch review
Deepcool CG560 chassis review
Fractal Design Torrent Black RGB TG review
Core i9 12900K DDR4 3600 vs DDR5 5200 performance review
Corsair H150i Elite LCD review
Seasonic Syncro Q704 chassis + Connect PSU review
Fractal Design Ion+ 2 Platinum 860W PSU Review
Crucial P5 Plus PCIe 4.0 M.2 NVMe review
Fractal Design Lumen S28 RGB review (LCS)
Major SIM Card Security Flaw Uncovered
Karsten Nohl, founder of Security Research Labs in Berlin, told the New York Times on Sunday that he has discovered a flaw in the encryption technology used in some SIM cards. This vulnerability could allow hackers to eavesdrop on the device owner while in a call, make purchases through mobile payment systems, and possibly even impersonate the device owner.
Around 750 million devices could be vulnerable to attacks thanks to this flaw. According to the paper, the newly discovered encryption hole allows the attacker to obtain the SIM card's 56-digit key. Nohl said that he was able to acquire a key by sending the target device an SMS using a false signature for the device's wireless carrier.
Typically, both the device and wireless carrier verify their identities by comparing digital signatures. If a device recognizes a false signature, it will end transmission. Nohl said that 75 percent of the messages he sent to cellphones recognized the fake signature and immediately ended transmission. However, the other 25 percent broke off communication as well, but they also sent error messages back to Nohl that included their own encrypted digital signatures. That was enough information for Nohl to derive the SIM card's encryption key.
Thus with the correct key in hand, Nohl proceeded to send a virus to the SIM card using a text message. This virus allowed him to perform the hacks as previously stated: eavesdropping, making purchases and so on. He was able to gain access to the device in just two minutes using a PC.
War child
Senior Member
Posts: 331
Joined: 2013-01-03
Senior Member
Posts: 331
Joined: 2013-01-03
#4626464 Posted on: 07/26/2013 09:46 AM
If I remember correctly. This affects older sim cards and about 500,000 estimated are still using this particular sim card.
If I remember correctly. This affects older sim cards and about 500,000 estimated are still using this particular sim card.
HeavyHemi
Senior Member
Posts: 6954
Joined: 2008-10-27
Senior Member
Posts: 6954
Joined: 2008-10-27
#4626469 Posted on: 07/26/2013 10:08 AM
"Nohl said in an interview Tuesday that 500 million phones, regardless of make, could be vulnerable, based on his sample of 1,000 SIM cards from a variety of operators, mostly in Europe."
http://www.networkworld.com/news/2013/072413-sim-card-vulnerabilities-easy-to-272135.html
If I remember correctly. This affects older sim cards and about 500,000 estimated are still using this particular sim card.
"Nohl said in an interview Tuesday that 500 million phones, regardless of make, could be vulnerable, based on his sample of 1,000 SIM cards from a variety of operators, mostly in Europe."
http://www.networkworld.com/news/2013/072413-sim-card-vulnerabilities-easy-to-272135.html
Truder
Senior Member
Posts: 1633
Joined: 2007-01-16
Senior Member
Posts: 1633
Joined: 2007-01-16
#4627041 Posted on: 07/27/2013 02:54 PM
Techincally speaking this is not new as sim-card cloning had been a problem about 15 years ago but the difference now is that it's being done wirelessly, before it had to be done with a phone that was somewhat insecure. The Ericsson A1018s was one of the key phones that allowed for simcard cloning however this flaw had been fixed with a new generation of sim cards.
I believe this new technique used is probably only owkring on the same old generation of sim cards as the article would seem to suggest.
I actually remember a friend and an acquaintance of mine who both were the targets of sim card cloning, my friend being on payg found that his credit had been totally drained usually about an hour after he "topped-up" so he had to contact Orange who helped him through the matter, as for the acquaintance, she was on contract and ended up with a huge bill, all I know is, it had to go to court for her.
Techincally speaking this is not new as sim-card cloning had been a problem about 15 years ago but the difference now is that it's being done wirelessly, before it had to be done with a phone that was somewhat insecure. The Ericsson A1018s was one of the key phones that allowed for simcard cloning however this flaw had been fixed with a new generation of sim cards.
I believe this new technique used is probably only owkring on the same old generation of sim cards as the article would seem to suggest.
I actually remember a friend and an acquaintance of mine who both were the targets of sim card cloning, my friend being on payg found that his credit had been totally drained usually about an hour after he "topped-up" so he had to contact Orange who helped him through the matter, as for the acquaintance, she was on contract and ended up with a huge bill, all I know is, it had to go to court for her.
Click here to post a comment for this news story on the message forum.
Senior Member
Posts: 1066
Joined: 2011-12-04
Unfortunately, he doesn't appear to have pointed the finger at any provider in particular.
Just hoping that my PAYG setup won't be affected too badly.