Latest in Blackhat

Image credit:

Some SIM cards can be hacked 'in about two minutes' with a pair of text messages

87 Shares
Share
Tweet
Share
Save

Sponsored Links

Every GSM phone needs a SIM card, and you'd think such a ubiquitous standard would be immune to any hijack attempts. Evidently not, as Karsten Nohl of Security Research Labs -- who found a hole in GSM call encryption several years ago -- has uncovered a flaw that allows some SIM cards to be hacked with only a couple of text messages. By cloaking an SMS so it appears to have come from a carrier, Nohl said that in around a quarter of cases, he receives an error message back containing the necessary info to work out the SIM's digital key. With that knowledge, another text can be sent that opens it up so one can listen in on calls, send messages, make mobile purchases and steal all manner of data.

Apparently, this can all be done "in about two minutes, using a simple personal computer," but only affects SIMs running the older data encryption standard (DES). Cards with the newer Triple DES aren't affected; also, the other three quarters of SIMs with DES Nohl probed recognized his initial message as a fraud. There's no firm figure on how many SIMs are at risk, but Nohl estimates the number at up to 750 million. The GSM Association has been given some details of the exploit, which have been forwarded to carriers and SIM manufacturers that use DES. Nohl plans to spill the beans at the upcoming Black Hat meeting. If you're listening, fine folks at the NSA, tickets are still available.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
87 Shares
Share
Tweet
Share
Save

Popular on Engadget

FDA clears an interoperable, automated insulin pump

FDA clears an interoperable, automated insulin pump

View
Study suggests vapers are 1.3 times more likely to develop lung disease

Study suggests vapers are 1.3 times more likely to develop lung disease

View
Senators ask credit agencies why they don't report FBI data requests

Senators ask credit agencies why they don't report FBI data requests

View
'Red Dead Redemption 2' photo and story modes come to PS4

'Red Dead Redemption 2' photo and story modes come to PS4

View
TiVo's iPhone app finally streams shows using cellular data

TiVo's iPhone app finally streams shows using cellular data

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr