Researcher finds exploitable vulnerability in SIM card encryption

By Silky Malhotra | Published on 22 Jul 2013
HIGHLIGHTS

According to a new research, mobiles may be more prone to hacking due to outdated cryptography technology.

Researcher finds exploitable vulnerability in SIM card encryption

Want to modernise your banking loan application?

Build an application that analyses credit risk with #IBMCloud Pak for Data on #RedHat #OpenShift

Click here to know more

Advertisements

Karsten Nohl, an expert cryptographer with Security Research Labs, has found a new way to trick your mobiles into giving in security information like the users location, SMS functions and access to the users voicemail number. Nohl will be presenting his research on, "Rooting SIM cards" in the Black Hat security conference in the US on July 31.

According to a brief preview posted on Nohl's company blog: “The research has found that most SIM's support weak encryption from the 1970s called DES (Data Encryption Standard). The research found that it is easy to target mobiles with DES and discover the private key of the mobile.”

In his experiment, Nohl sent a binary code over SMS to a device with DES. The mobile could not run the message as the binary code wasn't properly cryptographically signed. The phone's SIM rejected the message and sent over an SMS with the error code which has the phone's encrypted 56-bit private key.

Once the company gets the private key of the phone, it is very easy to get the information from the mobile phone. Security Research Labs was able to access the key in less than two minutes through a regular computer with the help of a rainbow table.

The company outlined a scenario where using the SIM's private key, an attacker could download Java applets to the SIM. Through the applets the hackers would be able to send SMS, or change voicemail numbers and much more.

Security Research Labs also added that possible solutions for the problem include that the SIM cards have the latest cryptography technology and with the help of Java virtual machines the applets access can be restricted to certain information.

Source: Indian Express
 

logo
Silky Malhotra

Advertisements

Trending Articles

Advertisements

latest articles

View All
Advertisements

Top Products

Popular Mobile Phones

View All

Hot Deals

View All

Digit caters to the largest community of tech buyers, users and enthusiasts in India. The all new Digit in continues the legacy of Thinkdigit.com as one of the largest portals in India committed to technology users and buyers. Digit is also one of the most trusted names when it comes to technology reviews and buying advice and is home to the Digit Test Lab, India's most proficient center for testing and reviewing technology products.

We are about leadership-the 9.9 kind! Building a leading media company out of India.And,grooming new leaders for this promising industry.

DMCA.com Protection Status