Saturday, August 3, 2013

Published 1:46 AM by

Fundamental vulnerability revealed in modern SIM cards


Millions of mobile phones may be vulnerable to unauthorized access because they rely on an outdated encryption method that dates back to the 1970s. This was reported by the well-known German IT security specialist Karsten Nohl of Security Research Labs. He intends to present the details of his finding at the upcoming Black Hat conference. Nohl has previously worked on breaking GSM cellular systems and other related technologies. According to Nohl, the bug he found threatens all mobile phones, whether a fancy smartphone or a basic $35 cell phone. It gives access to approximate location information, SMS functions, voice mail, and a number of other capabilities.

The expert said that the danger lies in the SIM cards found in all CDMA and GSM phones. The SIM is tied to the cellular operator and plays a key role in distinguishing one user from another. According to rough estimates, more than 7 billion SIM cards are in use worldwide today. Nohl says that, to ensure privacy and security, SIM cards use encryption when communicating with the network operator, but the encryption standards used by operators vary significantly.

The group of specialists examined many SIM cards from different operators and found that most of them use the old DES (Data Encryption Standard) encryption standard. This standard was considered reliable from the 1970s through the 2000s, but it is no longer regarded as a strong algorithm, and with a suitable cracking technique the data can be opened quite easily. In fairness, the German experts note that many operators have abandoned DES in favor of stronger algorithms. In their experiments, Security Research Labs sent binary code via SMS to a device with a SIM card that supports DES.

Since the code was not signed, it was not executed on the phone, but along with refusing to execute it, the device returned an error code that was encrypted using a 56-bit key. Since DES itself is not reliable, and 56-bit keys are generally no longer used because of their short length, breaking the encryption is easy. On a standard PC with current hardware, cracking takes about 2 minutes by sorting through hashes. After obtaining the key, a potential attacker can sign malicious commands and send them as if on behalf of the operator.

The company said that SIM instructions sometimes also have access to the Java machines running on a number of phone models, and this can affect the phone's application-layer software. "These instructions always work in different ways, but in most cases they have pretty broad potential," said Nohl. A detailed demonstration of the attack is expected in Las Vegas at Black Hat on July 31.
