Every GSM phone needs a SIM card, and you'd think such a ubiquitous standard would be immune to any hijack attempts. Evidently not, as Karsten Nohl of Security Research Labs -- who found a hole in GSM call encryption several years ago -- has uncovered a flaw that allows some SIM cards to be hacked with only a couple of text messages. By cloaking an SMS so it appears to have come from a carrier, Nohl said that in around a quarter of cases, he receives an error message back containing the necessary info to work out the SIM's digital key. With that knowledge, another text can be sent that opens it up so one can listen in on calls, send messages, make mobile purchases and steal all manner of data.
Apparently, this can all be done "in about two minutes, using a simple personal computer," but only affects SIMs running the older data encryption standard (DES). Cards with the newer Triple DES aren't affected; also, the other three quarters of SIMs with DES Nohl probed recognized his initial message as a fraud. There's no firm figure on how many SIMs are at risk, but Nohl estimates the number at up to 750 million. The GSM Association has been given some details of the exploit, which have been forwarded to carriers and SIM manufacturers that use DES. Nohl plans to spill the beans at the upcoming Black Hat meeting. If you're listening, fine folks at the NSA, tickets are still available.
Filed under: Cellphones, Mobile
Comments
Source: New York Times
SIM card hijackers are starting to face the consequences of their actions. California college student Joel Ortiz has agreed to a plea deal that will have him serve 10 years in prison for stealing over $5 million in cryptocurrency through SIM swappin...
At Apple's fall event today, the iPhone Xs is certainly stealing the show, and not just for sharper screens and cameras. As rumors anticipated, the new devices will finally get eSIM technology, which had been available in iPads and Apple Watches but...
There's a good chance you've had to ask your carrier for a SIM swap, whether it's to replace a faulty card or to switch to another size (say, from micro SIM to nano SIM). Crooks, however, are increasingly abusing those swaps to steal from unsuspectin...
Ofcom has introduced new rules that should make it easier to switch mobile networks in the UK. At the moment, cancelling a contract and setting up a new one is complicated and time consuming, especially if you want to keep your old number. You have t...
Nestled inside your cellphone is a teensy sliver of plastic you almost certainly never think about. That's your SIM card -- the bit that basically stores your phone's identity and passes it along to whatever wireless carrier network you pay for. It's...
Edward Snowden is still trying to combat smartphone radio surveillance three years after spilling the NSA's secrets. With help from hacker Andrew "Bunnie" Huang, Snowden presented on Thursday designs at the MIT Media Lab for a case-like add-on device...
Microsoft appears to building its own contract-free cellular data service for getting Windows 10 devices online, if a curious app store listing is any indication. According to the app's description, it "allows you to connect to a trusted nationwide m...
