Guru3D Rig of the Month - February 2021
ASUS GeForce RTX 3060 STRIX Gaming OC review
EVGA GeForce RTX 3060 XC Gaming review
MSI GeForce RTX 3060 Gaming X TRIO review
PALIT GeForce RTX 3060 DUAL OC review
ZOTAC GeForce RTX 3060 AMP WHITE review
Fractal Design Meshify 2 Compact chassis review
Sabrent Rocket 4 PLUS 2TB NVMe SSD review
MSI Radeon RX 6900 XT GAMING X TRIO review
Guru3D Q1 Winter 20/21 PC Buyer Guide
Major SIM Card Security Flaw Uncovered
Karsten Nohl, founder of Security Research Labs in Berlin, told the New York Times on Sunday that he has discovered a flaw in the encryption technology used in some SIM cards. This vulnerability could allow hackers to eavesdrop on the device owner while in a call, make purchases through mobile payment systems, and possibly even impersonate the device owner.
Around 750 million devices could be vulnerable to attacks thanks to this flaw. According to the paper, the newly discovered encryption hole allows the attacker to obtain the SIM card's 56-digit key. Nohl said that he was able to acquire a key by sending the target device an SMS using a false signature for the device's wireless carrier.
Typically, both the device and wireless carrier verify their identities by comparing digital signatures. If a device recognizes a false signature, it will end transmission. Nohl said that 75 percent of the messages he sent to cellphones recognized the fake signature and immediately ended transmission. However, the other 25 percent broke off communication as well, but they also sent error messages back to Nohl that included their own encrypted digital signatures. That was enough information for Nohl to derive the SIM card's encryption key.
Thus with the correct key in hand, Nohl proceeded to send a virus to the SIM card using a text message. This virus allowed him to perform the hacks as previously stated: eavesdropping, making purchases and so on. He was able to gain access to the device in just two minutes using a PC.
War child
Senior Member
Posts: 329
Joined: 2013-01-03
Senior Member
Posts: 329
Joined: 2013-01-03
#4626464 Posted on: 07/26/2013 08:46 AM
If I remember correctly. This affects older sim cards and about 500,000 estimated are still using this particular sim card.
If I remember correctly. This affects older sim cards and about 500,000 estimated are still using this particular sim card.
HeavyHemi
Senior Member
Posts: 6956
Joined: 2008-10-27
Senior Member
Posts: 6956
Joined: 2008-10-27
#4626469 Posted on: 07/26/2013 09:08 AM
"Nohl said in an interview Tuesday that 500 million phones, regardless of make, could be vulnerable, based on his sample of 1,000 SIM cards from a variety of operators, mostly in Europe."
http://www.networkworld.com/news/2013/072413-sim-card-vulnerabilities-easy-to-272135.html
If I remember correctly. This affects older sim cards and about 500,000 estimated are still using this particular sim card.
"Nohl said in an interview Tuesday that 500 million phones, regardless of make, could be vulnerable, based on his sample of 1,000 SIM cards from a variety of operators, mostly in Europe."
http://www.networkworld.com/news/2013/072413-sim-card-vulnerabilities-easy-to-272135.html
Truder
Senior Member
Posts: 1362
Joined: 2007-01-16
Senior Member
Posts: 1362
Joined: 2007-01-16
#4627041 Posted on: 07/27/2013 01:54 PM
Techincally speaking this is not new as sim-card cloning had been a problem about 15 years ago but the difference now is that it's being done wirelessly, before it had to be done with a phone that was somewhat insecure. The Ericsson A1018s was one of the key phones that allowed for simcard cloning however this flaw had been fixed with a new generation of sim cards.
I believe this new technique used is probably only owkring on the same old generation of sim cards as the article would seem to suggest.
I actually remember a friend and an acquaintance of mine who both were the targets of sim card cloning, my friend being on payg found that his credit had been totally drained usually about an hour after he "topped-up" so he had to contact Orange who helped him through the matter, as for the acquaintance, she was on contract and ended up with a huge bill, all I know is, it had to go to court for her.
Techincally speaking this is not new as sim-card cloning had been a problem about 15 years ago but the difference now is that it's being done wirelessly, before it had to be done with a phone that was somewhat insecure. The Ericsson A1018s was one of the key phones that allowed for simcard cloning however this flaw had been fixed with a new generation of sim cards.
I believe this new technique used is probably only owkring on the same old generation of sim cards as the article would seem to suggest.
I actually remember a friend and an acquaintance of mine who both were the targets of sim card cloning, my friend being on payg found that his credit had been totally drained usually about an hour after he "topped-up" so he had to contact Orange who helped him through the matter, as for the acquaintance, she was on contract and ended up with a huge bill, all I know is, it had to go to court for her.
Click here to post a comment for this news story on the message forum.
Senior Member
Posts: 1066
Joined: 2011-12-04
Unfortunately, he doesn't appear to have pointed the finger at any provider in particular.
Just hoping that my PAYG setup won't be affected too badly.