Smart phones vulnerable to malicious software attacks, operators also acquiesced government agencies peep, but at least mobile phone SIM card is still safe and can not be hacked, but now, that road is still the most impregnable wall was broken up! German mobile security expert Karsten Noll (Karsten Nohl), after years of study, to find the SIM card encryption and software vulnerabilities, and he will also be in Los Angeles, Black Hat (Black Hat) hacker conference, open their own discovery.
There are currently six billion global mobile phone, about half use the Data Encryption Standard (Data Encryption Standard, DES), but Noel said this digital key encryption method is easy to be cracked, as one of the major vulnerabilities. He pointed out that a less common, but the potential risk of being hacked SIM card function expansion method using SMS messages ─ ─ update OTA (over-the-air) method, because of its instructions are encrypted message sent directly to the SIM card, if Encryption technology uses outdated DES (Data Encryption Standard, Data Encryption Standard) method, rather than the adoption of better AES (Advanced Encryption Standard, Advanced Encryption Standard) encryption, hackers can easily crack the SIM card of 56 yuan DES key.
Noel within two networks in Europe and North America 1,000 SIM cards used for testing (these SIM cards belonging to himself or research team), he was under the guise of the identity operator, send SMS to mobile phone users using DES, 3 / 4 was identified as a false signature and stops responding, but there are 1/4 phone will decrypt the message to send additional Noel error code, which includes mobile digital signature encryption.Although the digital signature encryption processing has been done, but Noel still be able to decipher the SIM card from a digital key.
The world will have 750 million mobile phone security is affected
The impact is enormous, once this group of criminals to get the number of columns, they can send a text message to a mobile phone viruses or malicious programs on the SIM card in order to steal important information, such as billing costs, and even kidnapping cell phone, or posing phone holder to do anything, such as conducting online transactions or bank transfer, etc., is expected to have 750 million mobile phones affected.
Noel's SIM card against vulnerabilities, the International Telecommunication Union has about 200 members worldwide telecommunications regulatory agencies issued a notice warning of serious loopholes in mobile phone technology, mobile phone companies will inform hundreds, academics and industry experts In addition some of the SIM card manufacturers have begun to study for this problem.
