
750 million mobile phones vulnerable to intruders due to inadequately protected SIM cards



Karsten Nohl, founder of Security Research Labs, has announced the discovery of a vulnerability in SIM cards that use DES (Data Encryption Standard) encryption. The standard is outdated, but a large number of manufacturers still use it, and hundreds of millions of SIM cards support DES. When a fake message purporting to come from the carrier is sent to a phone, the vulnerability allows the sender to obtain the 56-bit key from the reply message (the reply is sent automatically, and about 25% of DES cards fall for this “deception”).

With the security code in hand, an attacker can send another message, this time with a virus that makes it possible to obtain information about the phone's owner, intercept text messages and even make payments from the owner's account. The whole operation of hacking a phone with a DES card may take about two minutes. At least, that is what Karsten Nohl claims.

He did not come across the vulnerability by chance: for about two years he tested SIM cards in North America and Europe, checking about 1000 cards. According to the expert, about three billion SIM cards worldwide use DES, and about 750 million of them are vulnerable to hacking. Many operators use SIM cards with triple encryption (albeit still DES), and such SIM cards are not susceptible to hacking.

The expert reported the vulnerability to the GSMA, and the association, in turn, informed SIM card manufacturers and the other telecommunications companies affected by the situation. A possible solution to the problem is currently being sought. Karsten Nohl will present the details at Black Hat on August 1.

In addition, in December the expert will publish data on which operators' SIM cards are vulnerable to hacking. It may well be that the problem is solved before December.

Via theverge

Source: https://habr.com/ru/post/187376/
