nuune Posted July 21, 2013 If your identity has been stolen, your phone may have been an accomplice to the crime. A German mobile security expert says he has found a flaw in the encryption technology used in some SIM cards, the chips in handsets, that could enable cyber criminals to take control of a person’s phone. Karsten Nohl, founder of Security Research Labs in Berlin, said the encryption hole allowed outsiders to obtain a SIM card’s digital key, a 56-digit sequence that opens the chip up to modification. With that key in hand, Mr. Nohl said, he was able to send a virus to the SIM card through a text message, which let him eavesdrop on a caller, make purchases through mobile payment systems and even impersonate the phone’s owner. He said he had managed the whole operation in about two minutes, using a simple personal computer. He estimates as many as 750 million phones may be vulnerable to attacks. “We can remotely install software on a handset that operates completely independently from your phone,” Mr. Nohl said. “We can spy on you. We know your encryption keys for calls. We can read your S.M.S.’s. More than just spying, we can steal data from the SIM card, your mobile identity, and charge to your account.” Mr. Nohl is well known in security circles. In 2009, he published a software tool that computes the 64-bit key used to encrypt conversations on GSM networks, prompting the industry to adopt better safeguards. His company, Security Research Labs, advises German and U.S. multinational companies on mobile security issues. Read more here Quote Share this post Link to post Share on other sites
Alpha Blondy Posted July 22, 2013 oh yeah. thanks for the reminder, inaar. Quote Share this post Link to post Share on other sites
nuune Posted July 22, 2013 Horta do you own a mobile phone with DES encrytaatiko, if so, then it is time to dump that Chinese phone which looks like a Galaxy-mini, don't deceive shacabka, it is time you get real and get higher inaar Quote Share this post Link to post Share on other sites
Complicated Posted July 22, 2013 nuune;969952 wrote: He estimates as many as 750 million phones may be vulnerable to attacks. He seems to be over exaggerating the numbers for a maximum media exposure. There might be a number of telecommunication companies in the "third world" and developing countries still using this obsolete technology, but most (if not all) the western telcos have migrated from the single DES algorithm he has managed to successfully attack. I believe the continuous use of this technology is tantamount to criminal negligence. I will bet on my last penny that AB's mobile operator still use this technology (it is really cheap) Quote Share this post Link to post Share on other sites
