Monday, July 22, 2013

GSM encryption flaw leaves 750 million SIMs at risk: Researcher

A German mobile security expert says he has found a flaw in the encryption technology used in some -- not all -- SIM cards. Karsten Nohl, founder of German firm Security Research Labs, described the vulnerability on Sunday.

Karsten Nohl had been in the news previously when he discovered issues with GSM encryption in both 2009 and 2010.

Nohl said he was able to hack into a device via its SIM card in about two minutes. The flaw allows hackers to obtain a SIM card’s digital key. Once that key was obtained, Nohl said, he was able to infect the SIM card with a virus through a text message.

Through the virus, he was able eavesdrop on calls, make purchases through mobile payment systems, and even impersonate the phone’s owner.

Nohl said the flaw he had discovered is in the encryption method called data encryption standard (DES), which was developed in the 1970s. His testing showed that about 25 percent of those SIM cards using DES encryption were vulneable to the hack.

DES is used on about half of the about six billion cellphones in use, worldwide, daily. Doing the math, that would mean about 750 million SIMs are vulnerable, and thus 750 million phones are vulnerable. Most operators have adopted a newer standard called Triple DES, but many SIMs still use the old encryption method.

Nohl said:
We can remotely install software on a handset that operates completely independently from your phone. We can spy on you. We know your encryption keys for calls. We can read your SMSes. More than just spying, we can steal data from the SIM card, your mobile identity, and charge to your account.
Nohl has already shared the results of his two-year study with the GSM Association. On Aug. 1, he plans to present the full details of his research at the 2013 Black Hat security conference in Las Vegas.

No comments: