Feeds

SIM crypto CRACKED by a SINGLE text, mobes stuffed with spyware

German boffin's SMS-of-pwnage extracts DES key from your pocket

High performance access to file storage

A quarter of mobiles phones using DES encryption rather than the newer triple-DES for their SIM cards are vulnerable to an attack via SMS that results in a complete takeover of the phone.

German security researcher Karsten Nohl, founder of Berlin's Security Research Labs, who previously busted GPRS encryption and cracked transport smartcard encryption keys with a microscope, has told the New York Times and Forbes about the attack, which he will outline to the August Black Hat conference in Las Vegas.

While Nohl is holding back some details of the attack until his Black Hat convention talk, he says he has developed a technique that allows him to obtain the 56-bit DES encryption key of a SIM by sending a text message that spoofs the phone's operator. With the key in hand, a second text message will install software on the target device that takes over the phone completely – including eavesdropping and impersonation attacks.

“We can spy on you. We know your encryption keys for calls. We can read your SMSs. More than just spying, we can steal data from the SIM card, your mobile identity, and charge to your account”, Nohl told the NYT.

Forbes' report suggests Java Card, an Oracle product Big Red says "provides a secure environment for applications that run on smart cards and other devices with very limited memory and processing capabilities", is the source of the vulnerability.

Of the six billion mobiles currently in service, about half still use DES encryption. In a sample of 1,000 SIMs tested over two years, Nohl said one-quarter were vulnerable – which suggests as many as 750 million vulnerable devices are in the field.

Nohl has disclosed the vulnerability in full to the GSM Association, and the ITU is planning an advisory to all mobile phone operators. ®

High performance access to file storage

More from The Register

next story
Video games make you NASTY AND VIOLENT
Especially if you are bad at them and keep losing
Report: Apple seeking to raise iPhone 6 price by a HUNDRED BUCKS
'Well, that 5c experiment didn't go so well – let's try the other direction'
Nvidia gamers hit trifecta with driver, optimizer, and mobile upgrades
Li'l Shield moves up to Android 4.4.2 KitKat, GameStream comes to notebooks
Gimme a high S5: Samsung Galaxy S5 puts substance over style
Biometrics and kid-friendly mode in back-to-basics blockbuster
Dell Wyse Cloud Connect: Pocket Android desktop
Ultrathin client with a lot of baggage. The upside? It's a rogue sysadmin's delight
AMD unveils Godzilla's graphics card – 'the world's fastest, period'
The Radeon R9 295X2: Water-cooled, 5,632 stream processors, 11.5TFLOPS
Sony battery recall as VAIO goes out with a bang, not a whimper
The perils of having Panasonic as a partner
Zucker punched: Google gobbles Facebook-wooed Titan Aerospace
Up, up and away in my beautiful balloon flying broadband-bot
NORKS' own smartmobe pegged as Chinese landfill Android
Fake kit in the hermit kingdom? That's just Kim Jong-un-believable!
prev story

Whitepapers

Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.