750 million phones could be vulnerable in massive SIM security flaw
Karsten Nohl, the founder of German firm Security Research Labs, discovered that sending a fake carrier message to a phone prompted an automated response from 25 percent of DES SIMs that revealed the cards' 56-bit security key. With that key in hand, Nohl was able to send a virus to the SIM with a text message. The virus allowed him to impersonate the phone's owner, intercept text messages, and even make carrier payments. The New York Times cites Nohl as claiming that the entire operation takes "about two minutes" using a regular PC.
Over the past two years, Nohl has tested his method on around 1,000 cards across North America and Europe. DES is used in around three billion mobile SIMs worldwide, of which Nohl estimates 750 million are vulnerable to the attack. Many carriers use SIMs with the stronger triple-DES encryption method, which are not susceptible to Nohl's method, and DES in general has been phased out in favor of AES (Advanced Encryption Standard).
The flaw has been disclosed to the GSMA, an association made up of mobile operators and other companies in the field that oversees the deployment of GSM networks. The GSMA has informed SIM manufacturers and other companies involved of the situation, who are all analyzing how to best deal with the flaw. With the "responsible disclosure" taken care of, Nohl will detail his attack method at the Black Hat security conference on August 1st. He also plans to publish a "comparative list" detailing the SIM card security of each mobile carrier in December. Hopefully by then the at-risk operators will have taken the necessary steps to neutralize the vulnerability.
Posted:
Related Forum: PC General Forum
Source: http://www.theverge.com/2013/7/21/4542782/sim-card-des-security-flaw-security-research-labs
Related Articles
Comments
SCOPosted:
AzzaLTooh Wow, that's sketchy. Sucks for some people. ha
So you don't own a mobile phone?
just because he said that doesnt mean that he doesnt have one... maybe knows he's not been affected by this...
gtapro151Posted:
AzzaLTooh Wow, that's sketchy. Sucks for some people. ha
So you don't own a mobile phone?
i dought it affects any iphone since the 4 and thats what 99% of us have is a iphone lol
GrimgazPosted:
That realy scary maybe we wil find some more Ghost info from these hackers nah jk this is preety scary tho
KatsumiPosted:
daw 750 million ?! Woah.
Hopefully the majority of these people end up switching their sim cards. 750 Million makes up a good percentage of mobile phone users..
PlusnetPosted:
Titanium Getting a new SIM card isn't that hard. Usually the carrier would give them to you for free especially with this going on.
Yeah, they would have to.
AlbericiPosted:
Gossip I dont see anyone really getting hacked...
Well because I am sure this has just been found and getting the word around. Sounds like some NSA crap to me to be honest.
Latest Downloads
- 01. Horizon Forbidden West: SaveGame (100%, before DLC) [1.0.38.0](0)
- 02. DREDGE: SaveGame (The Game done 50%)(0)
- 03. Need for Speed: Most Wanted (2005) - SaveGame (100%, 17 cars)(2)
- 04. Signalis: SaveGame (Before the battle with Falke) [1.2.1](0)
- 05. Wraith of Anias | Final Checkpoint Save(1)
- 06. Jalopy SaveGame (Pumped up LaikaGT)(0)
- 07. Assassin's Creed 3 Save Game (Game completed 8%, until Chapter 4)(0)
- 08. Supermarket Simulator SaveGame (Quick start, 172 day, 65lvl)(1)
- 09. Caribbean Legend: SaveGame (before the start of the Dutch Gambit)(1)
- 10. Caribbean Legend: SaveGame (Passed the Secret Organization Gambit) [v1.0.0](1)
- 11. Jalopy: SaveGame (Pumped up LaikaGT)(0)
- 12. Assassin's Creed 3: Save Game (Game completed 8%, until Chapter 4)(3)
- 13. Supermarket Simulator: SaveGame (Quick start, 172 day, 65lvl)(0)
- 14. GoreBox: SaveGame (Ancient village of the Paleozoic era)(0)
- 15. Need for Speed: Most Wanted (2005) - SaveGame (0% career, 2 BMWs in the garage)(1)
Latest Tutorials
- 01. The Redress Of Mira 100% Walkthrough | Trophy & Achievement(582)
- 02. Russian Pinocchio Quick Trophy Guide(739)
- 03. Venatrix Quick Trophy & Achievement Guide(763)
- 04. Call of the Sea 100% Platinum Walkthrough(797)
- 05. Wire Lips 100% Platinum Walkthrough(840)
- 06. The Expanse 100% Platinum Walkthrough | Trophy & Achievement(756)
- 07. Doctor Who: The Edge of Reality - PS4 Platinum P/Thru(694)
- 08. Doctor Who:The Lonely Assassins - 100% Guide(588)
- 09. DAYMARE 1998 PS4 - Full game 100% TROPHY WALKTHROUGH(559)
- 10. Stray Platinum Walkthrough | Trophy & Achievement Guide(574)
- 11. Raji: An Ancient Epic | Complete Gameplay Walkthrough(752)
- 12. Corpse Killer: 25th Anniversary Edition - Longplay(788)
- 13. Song of Horror: Complete Edition Gameplay Walkthrough(542)
- 14. Remoteness 100% All Trophies Walkthrough(819)
- 15. Detective Inspector Mysterious Clues Platinum Walkthrough(633)
"750 million phones could be vulnerable in massive SIM security flaw" :: Login/Create an Account :: 65 comments