Part sim cards can be hacked by sending sms’




The German security researcher Karsten Nohl has managed to crack by sending. Prepared a special text message part of the sim cards Then it was possible to intercept text messages and listen to phone calls.

simkaart Nohl, previously the encryption of the GSM protocol hacked and studied the security of the Dutch public transport smartcard, states that a quarter of the nearly thousand SIM cards that he and his team tested in three years time, to crack. He estimates that a total of one-eighth of the SIM cards used to crack, writes Forbes.

The researcher made use of SMS. Providers make use of SMS to send instructions to, for example for use abroad. To a SIM card These texts, which remain unseen for the user, are signed with a key 56 of 56 bits, no operations can be performed on the SIM card without that code. Some of the SIM cards sent using an invalid code error message with a cryptographic signature back. Nohl knew that signature using rainbow tables to convert the key to be used to sign. the text messages towards the SIM card

Then Nohl had as much power over the SIM card and the provider, and could for example SMS intercept and redirect calls and eavesdropping. According to Nohl has to do with a typical PC, the attack and it takes about two minutes. The attack only works with cards that use the obsolete DES encryption standard. Some of the providers has switched to 3DES, an enhanced version of the standard. Or Dutch SIM cards are vulnerable, is unclear; providers were not available for comment Monday.

Furthermore Nohl discovered that some of the software on the SIM cards contain a second security issue. The sandboxing security on the SIM cards, which is used to place so they can not manipulate each software in virtual silos would be relatively easy to crack. Vulnerable SIM cards he could therefore access software on the card, such as data from software used for mobile payments. Via text message This made it possible to make payments. Itself SIM cards are often used for payments. Particularly in Africa

The researcher recommends the GSM Assocation and makers of SIM cards, which he has made to send you messages. With cryptographic signatures from more informed Gemalto, a major Dutch manufacturer of SIM cards, says The New York Times compared it investigates the security issue. using the GSM Association and other organizations

Nohl will reveal do at the Black Hat security conference in Las Vegas, where Tweakers is present. Precisely how his hack later this month During that conference, he will not bring any outside providers or may not be vulnerable, he does not until the CCC hackers conference, which takes place in December in Hamburg.


Tags: , ,

In: Technology & Gadgets Asked By: [15446 Red Star Level]

Answer this Question

You must be Logged In to post an Answer.

Not a member yet? Sign Up Now »