It has been revealed that the encryption used by some mobile SIM cards can allow hackers to remotely control the host handsets. According to a report in The New York Times, the flaw is directly linked to cards using DES (Data Encryption Standard).
Karsten Nohl, the founder of Germany’s Security Research Labs, who has demonstrated other hacks previously, gave details of the attack to both The New York Times and Forbes.
According to Nohl, two targeted SMS texts could allow a hacker to send premium text messages, redirect and record calls, and even commit payment-system fraud on NFC-equipped devices.
Nohl said: “We can remotely install software on a handset that operates completely independently from your phone. We can spy on you. We know your encryption keys for calls. We can read your SMSs. More than just spying, we can steal data from the SIM card, your mobile identity, and charge to your account.” Nohl also said that he can complete such an operation in about two minutes, using a personal computer.
Verizon and AT&T said they knew of Nohl’s research, but said their SIM profiles were not vulnerable to the flaw. AT&T added that it had used SIMs with Triple Data Encryption Standard (3DES) for almost a decade; Verizon did not specify why its SIMs were not vulnerable.
“Give me any phone number and there is some chance I will, a few minutes later, be able to remotely control this SIM card and even make a copy of it,” Nohl says.
Nohl has already advised the GSM Association and chip makers to tighten up their technology to block the kind of messages he had sent in the process. He also asked operators to comply with the newer encryption standards, and warned consumers using SIM cards more than three years old to get new cards from their carriers.