12.5 percent of the world's phones can be hacked
A major new security exploit for mobile phones
has been detected, and the scary thing is that it's present in SIM
cards. According to the New York Times,
a German mobile security expert discovered the flaw, which could
potentially let cyber-criminals take complete control of one's phone.
However, before you rush to get rid of your SIM card, it is worth noting
that the exploit is only possible on SIMs using DES (Data Encryption
Standard) for its encryption needs.
The researcher, Karsten Nohl, has stated that the security hole can potentially allow an outsider to get their hands on a SIM card's digital key, which is a 56-digit key that can let the chip be modified. Nohl said that using the key let him send a virus to the SIM card through a simple text message. The virus then allowed him to eavesdrop on a caller, make purchases on the phone, and even impersonate the phone's owner. Roughly 750 million phones all over the world are said to be vulnerable to this exploit.
DES was developed back in the 70s, this explains the exploit as being something the developers had no idea of at the time. Nohl said that he tested the exploit with around 1,000 SIMs on phones from both North America and Europe over a two-year period. A quarter of the SIMs running on DES are said to be vulnerable to the flaw. Around half of the world’s currently-used SIM cards use DES for encryption, which means that roughly 12.5 percent of the mobiles currently used on the planet are vulnerable.
The exploit was pulled off by Nohl by sending a fake carrier message to a phone. This prompted the phone to automatically respond to Nohl and reveal the card's 56-bit key. According to Nohl, exploiting the vulnerability takes all of two minutes.
SIM cards can be exploited, it seems
The researcher, Karsten Nohl, has stated that the security hole can potentially allow an outsider to get their hands on a SIM card's digital key, which is a 56-digit key that can let the chip be modified. Nohl said that using the key let him send a virus to the SIM card through a simple text message. The virus then allowed him to eavesdrop on a caller, make purchases on the phone, and even impersonate the phone's owner. Roughly 750 million phones all over the world are said to be vulnerable to this exploit.
DES was developed back in the 70s, this explains the exploit as being something the developers had no idea of at the time. Nohl said that he tested the exploit with around 1,000 SIMs on phones from both North America and Europe over a two-year period. A quarter of the SIMs running on DES are said to be vulnerable to the flaw. Around half of the world’s currently-used SIM cards use DES for encryption, which means that roughly 12.5 percent of the mobiles currently used on the planet are vulnerable.
The exploit was pulled off by Nohl by sending a fake carrier message to a phone. This prompted the phone to automatically respond to Nohl and reveal the card's 56-bit key. According to Nohl, exploiting the vulnerability takes all of two minutes.
Comments