Feeds

SIM crypto CRACKED by a SINGLE text, mobes stuffed with spyware

German boffin's SMS-of-pwnage extracts DES key from your pocket

Choosing a cloud hosting partner with confidence

A quarter of mobiles phones using DES encryption rather than the newer triple-DES for their SIM cards are vulnerable to an attack via SMS that results in a complete takeover of the phone.

German security researcher Karsten Nohl, founder of Berlin's Security Research Labs, who previously busted GPRS encryption and cracked transport smartcard encryption keys with a microscope, has told the New York Times and Forbes about the attack, which he will outline to the August Black Hat conference in Las Vegas.

While Nohl is holding back some details of the attack until his Black Hat convention talk, he says he has developed a technique that allows him to obtain the 56-bit DES encryption key of a SIM by sending a text message that spoofs the phone's operator. With the key in hand, a second text message will install software on the target device that takes over the phone completely – including eavesdropping and impersonation attacks.

“We can spy on you. We know your encryption keys for calls. We can read your SMSs. More than just spying, we can steal data from the SIM card, your mobile identity, and charge to your account”, Nohl told the NYT.

Forbes' report suggests Java Card, an Oracle product Big Red says "provides a secure environment for applications that run on smart cards and other devices with very limited memory and processing capabilities", is the source of the vulnerability.

Of the six billion mobiles currently in service, about half still use DES encryption. In a sample of 1,000 SIMs tested over two years, Nohl said one-quarter were vulnerable – which suggests as many as 750 million vulnerable devices are in the field.

Nohl has disclosed the vulnerability in full to the GSM Association, and the ITU is planning an advisory to all mobile phone operators. ®

Website security in corporate America

More from The Register

next story
Man buys iPHONE 6 and DROPS IT to SMASH on PURPOSE
Yarrrgh! 'Tis Antipodean insanity, ye crazy swab
Oi, Tim Cook. Apple Watch. I DARE you to tell me, IN PERSON, that it's secure
State attorney demands Apple CEO bows the knee to him
4K-ing excellent TV is on its way ... in its own sweet time, natch
For decades Hollywood actually binned its 4K files. Doh!
Phones 4u website DIES as wounded mobe retailer struggles to stay above water
Founder blames 'ruthless network partners' for implosion
Monitors monitor's monitoring finds touch screens have 0.4% market share
Not four. Point four. Count yer booty again, Microsoft
Your chance to WIN the WORLD'S ONLY HANDHELD ZX SPECTRUM
Reg staff not allowed to enter, god dammit
DARPA-backed jetpack prototype built to make soldiers run faster
4 Minute Mile project hatched to speed up tired troops
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.