Common Tasks

Recent Posts

Community

Email Notifications

Personal Links

Archives

Security Protection - Harry Waldron (CS)

Security Best Practices, Breaking News, & Updates

Mobile Security - DES 56b Encrytpion Flaw discovered in SIM Card handling

German researchers have discovered an encryption SIM card vulnerability found in older mobile devices

http://securitywatch.pcmag.com/mobile-security/313914-encryption-bug-in-sim-card-can-be-used-to-hack-millions-of-phones

http://www.nytimes.com/2013/07/22/technology/encryption-flaw-makes-phones-possible-accomplices-in-theft.html

QUOTE: A flaw in the encryption technology used by some SIM cards in mobile devices can be exploited to take control of the device, a German researcher has found. The vulnerability would allow attackers to send spoofed text messages to obtain the 56-bit data encryption standard (DES) key used by the targeted phone's SIM card, Karsten Nohl, founder of Berlin's Security Research Labs, told the New York Times and Forbes. With the key in hand, attackers would be able to install malicious software and perform other nefarious operations on the device. More details will be revealed during his presentation at the Black Hat conference in Las Vegas later this month.  About half of the SIM cards in use today still rely on the older DES encryption rather than the newer and more secure triple-DES, Nohl estimated. Over a two-year period, Nohl tested 1,000 SIM cards in Europe and North America and found that a quarter of them were vulnerable to attack. He believed that as many as 750 million phones may be affected by this flaw.