Feeds

SIM crypto CRACKED by a SINGLE text, mobes stuffed with spyware

German boffin's SMS-of-pwnage extracts DES key from your pocket

Build a business case: developing custom apps

A quarter of mobiles phones using DES encryption rather than the newer triple-DES for their SIM cards are vulnerable to an attack via SMS that results in a complete takeover of the phone.

German security researcher Karsten Nohl, founder of Berlin's Security Research Labs, who previously busted GPRS encryption and cracked transport smartcard encryption keys with a microscope, has told the New York Times and Forbes about the attack, which he will outline to the August Black Hat conference in Las Vegas.

While Nohl is holding back some details of the attack until his Black Hat convention talk, he says he has developed a technique that allows him to obtain the 56-bit DES encryption key of a SIM by sending a text message that spoofs the phone's operator. With the key in hand, a second text message will install software on the target device that takes over the phone completely – including eavesdropping and impersonation attacks.

“We can spy on you. We know your encryption keys for calls. We can read your SMSs. More than just spying, we can steal data from the SIM card, your mobile identity, and charge to your account”, Nohl told the NYT.

Forbes' report suggests Java Card, an Oracle product Big Red says "provides a secure environment for applications that run on smart cards and other devices with very limited memory and processing capabilities", is the source of the vulnerability.

Of the six billion mobiles currently in service, about half still use DES encryption. In a sample of 1,000 SIMs tested over two years, Nohl said one-quarter were vulnerable – which suggests as many as 750 million vulnerable devices are in the field.

Nohl has disclosed the vulnerability in full to the GSM Association, and the ITU is planning an advisory to all mobile phone operators. ®

The essential guide to IT transformation

More from The Register

next story
Reg man looks through a Glass, darkly: Google's toy ploy or killer tech specs?
Tip: Put the shades on and you'll look less of a spanner
So, Apple won't sell cheap kit? Prepare the iOS garden wall WRECKING BALL
It can throw the low cost race if it looks to the cloud
One step closer to ROBOT BUTLERS: Dyson flashes vid of VACUUM SUCKER bot
Latest cleaner available for world+dog in September
Samsung Gear S: Quick, LAUNCH IT – before Apple straps on iWatch
Full specs for wrist-mounted device here ... but who'll buy it?
Apple promises to lift Curse of the Drained iPhone 5 Battery
Have you tried turning it off and...? Never mind, here's a replacement
Now that's FIRE WIRE: HP recalls 6 MILLION burn-risk laptop cables
Right in the middle of Burning Mains Man week
Apple's iWatch? They cannae do it ... they don't have the POWER
Analyst predicts fanbois will have to wait until next year
Tim Cook in Applerexia fears: New MacBook THINNER THAN EVER
'Supply chain sources' give up the goss on new iLappy
HUGE iPAD? Maybe. HUGE ADVERTS? That's for SURE
Noo! Hand not big enough! Don't look at meee!
prev story

Whitepapers

Top 10 endpoint backup mistakes
Avoid the ten endpoint backup mistakes to ensure that your critical corporate data is protected and end user productivity is improved.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Backing up distributed data
Eliminating the redundant use of bandwidth and storage capacity and application consolidation in the modern data center.
The essential guide to IT transformation
ServiceNow discusses three IT transformations that can help CIOs automate IT services to transform IT and the enterprise
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.