Vodafone and T-Mobile customers are not affected by ‘SIM-hack’




Customers of Vodafone and T-Mobile in the Netherlands are hardly affected by the ‘SIM hack’, in which a phone can be taken over within a few minutes via silent SMS.

Not a single Vodafone customer in the Netherlands is affected by the hack, the provider has told Tweakers. At KPN this is not yet clear. “We are currently analyzing the hack, but we do not know whether our customers are susceptible to it,” a KPN spokesman told Tweakers. T-Mobile says it is not yet sure whether SIM cards susceptible to the hack are in circulation: “T-Mobile Netherlands has not supplied this technology for SIM cards since 2002,” spokesman Michael Fox told Tweakers. Customers with a SIM card from before 2002 are susceptible, but T-Mobile does not know whether there are any. All SIM cards bearing the T-Mobile logo therefore appear to be safe: Deutsche Telekom has used the brand name in the Netherlands only since 2003.

If many customers turn out to be walking around with a vulnerable SIM, replacing those SIM cards with secure ones is the obvious step, but KPN will not yet discuss possible measures should its customers prove to be affected. “We are first looking into it, and we are doing that together with the GSM Association, the umbrella organization for providers, and Karsten Nohl, who discovered the hack.” Nohl will share his findings at the Black Hat hacker conference, which takes place next week, but he already lifted a corner of the veil on Monday.

The hack works with silent text messages: messages that providers can send to phones without the user seeing anything. These text messages are signed with a code of 56 characters; without that code, no operations can be performed on the SIM card. When they receive a message with an invalid code, some SIM cards send back an error message that carries a cryptographic signature. With the aid of rainbow tables, Nohl was able to convert that signature into the code of 56 characters that is used to sign the text messages sent to the SIM card.

Nohl then had as much power over the SIM card as the provider, and could, for example, intercept SMS messages, redirect calls and eavesdrop. According to Nohl, the attack can be carried out with a typical PC and takes about two minutes. The attack only works on cards that use the obsolete DES encryption standard. Some providers have switched to 3DES, an enhanced version of the standard.

Makers of SIM cards have not used the DES standard for five years, but it stands to reason that older SIM cards are vulnerable. Nohl estimates that 750 million SIM cards are vulnerable, though the exact number is unclear.

Update, 17:23: T-Mobile's response added.
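
The signed error reply described above, as a toy model added here for illustration (not code from Nohl, Tweakers or any provider): it shows why a card that signs its rejections hands out everything an offline key search needs, and why a card that stays silent does not. Assumptions: the `Card` class and all names are hypothetical, truncated HMAC-SHA256 stands in for the DES-based signature, the key space is shrunk to 16 bits, and a plain exhaustive search stands in for the rainbow tables.

```python
import hashlib
import hmac

KEY_BITS = 16  # assumption: toy key space so the search finishes in well under a second

def sign(key: int, data: bytes) -> bytes:
    # Assumption: truncated HMAC-SHA256 stands in for the card's DES-based signature.
    return hmac.new(key.to_bytes(2, "big"), data, hashlib.sha256).digest()[:8]

ERROR_BODY = b"ERR:invalid-signature"  # constructed, predictable error text

class Card:
    """Hypothetical SIM model; sign_errors selects the weak or the hardened behaviour."""

    def __init__(self, key: int, sign_errors: bool):
        self.key = key
        self.sign_errors = sign_errors

    def receive(self, command: bytes, signature: bytes):
        if hmac.compare_digest(sign(self.key, command), signature):
            return b"OK", sign(self.key, b"OK")
        if self.sign_errors:
            # Weak: the rejection itself is signed with the secret key.
            return ERROR_BODY, sign(self.key, ERROR_BODY)
        return None  # Hardened: unauthenticated messages get no reply at all.

def keys_matching(body: bytes, signature: bytes) -> list:
    # Offline exhaustive search; the card is never contacted again.
    return [k for k in range(2 ** KEY_BITS)
            if hmac.compare_digest(sign(k, body), signature)]

def audit(card: Card):
    """Send one wrongly signed message; return candidate keys, or None if nothing leaked."""
    reply = card.receive(b"constructed-probe", bytes(8))
    if reply is None:
        return None
    body, signature = reply
    return keys_matching(body, signature)

if __name__ == "__main__":
    print("weak card:", audit(Card(0xBEEF, sign_errors=True)))
    print("hardened card:", audit(Card(0xBEEF, sign_errors=False)))
```

In the model, the key length decides how long the offline search takes, while the reply policy decides whether there is anything to search on at all.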

