
    Most SIM Cards Are Hackable With Two Texts: Security Firm

    By Michelle Maisto - July 23, 2013

      SIM cards are the “de facto trust anchor” of mobile devices, Security Research Labs wrote in its most recent blog post. And yet, added the German firm, it’s found a way, with just two Short Message Service (SMS) texts, to break into a mobile phone and steal information, listen in on calls and even make purchases.

      SRL estimates that more than 7 billion SIM cards are in active use today and “many, if not most” rely on ’70s-era technology that it found crackable in just days.

      Once figured out, SRL founder Karsten Nohl told The New York Times in an interview reported July 21, the process can be accomplished in two minutes, from an everyday computer.

      “We can remotely install software on a handset that operates completely independently from your phone,” Nohl told the Times. “We can spy on you. We know your encryption keys for calls. We can read your [SMSes]. More than just spying, we can steal data from the SIM card, your mobile identity, and charge your account.”

      Nohl found he was able to discover a SIM’s digital key by sending an SMS text masquerading as one sent by the phone’s wireless carrier. While most often the phones recognized that Nohl’s phone was using a false signature and broke off the communication, reported the Times, 25 percent of the time the phones responded with an error message that included its digital signature—which was enough for Nohl to figure out the SIM’s digital key.

      Nohl and his colleagues owned the phones that the hack was tried on.

      SRL plans to release the full findings of the two-year study it conducted with the GSM Association on Aug. 1 at the Black Hat security conference in Las Vegas.

      In the blog post, however, it did offer three points of advice.

      First, SRL wrote, SIM cards need to use state-of-the-art cryptography with “sufficiently long keys, should not disclose signed plaintexts to attackers and must implement secure Java virtual machines.” While some cards already do, many still don’t.

      Second, including an SMS firewall on phones could address “other abuse scenarios.”

      Lastly, it advises that networks implement filtering practices.

      “Remote attackers rely on mobile networks to deliver binary SMS to and from victim phones,” the firm said in its post. “Such SMS should only be allowed from a few known sources, but most networks have not implemented such filtering yet.”
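
The network-side filtering SRL recommends can be sketched as an allowlist check on decoded SMS fields. This is an added example, not code from SRL or from the article: the record layout, field names and source labels are assumptions, and a message is treated as binary here when it carries TP-PID 0x7F, an 8-bit data coding scheme, or a user data header element in the 0x70-0x7F range.

```python
# Added illustration; the record layout and source labels are assumptions.
from dataclasses import dataclass
PID_SIM_DATA_DOWNLOAD = 0x7F           # TP-PID: (U)SIM data download (3GPP TS 23.040)
STK_SECURITY_IEIS = range(0x70, 0x80)  # UDH IEIs for (U)SIM toolkit security headers

@dataclass
class Sms:
    source: str        # submitting entity as identified by the network (assumed label)
    pid: int           # TP-PID octet
    dcs: int           # TP-DCS octet
    udh: bytes = b""   # user data header elements, without the leading length octet

def is_8bit_data(dcs: int) -> bool:
    """True when TP-DCS selects the 8-bit data alphabet (3GPP TS 23.038)."""
    if dcs & 0x80 == 0:                # general data coding groups 00xx / 01xx
        return (dcs >> 2) & 0x03 == 0x01
    # data coding / message class group 1111: bit 2 set means 8-bit data
    return dcs & 0xF0 == 0xF0 and bool(dcs & 0x04)

def udh_ieis(udh: bytes) -> list[int]:
    """Return the IEIs in a UDH; raise ValueError if an element is truncated."""
    ieis, i = [], 0
    while i < len(udh):
        if i + 2 > len(udh) or i + 2 + udh[i + 1] > len(udh):
            raise ValueError("truncated information element")
        ieis.append(udh[i])
        i += 2 + udh[i + 1]
    return ieis

def decide(msg: Sms, allowed_sources: frozenset[str]) -> str:
    """Return 'allow' or 'block'; malformed headers fail closed."""
    try:
        ieis = udh_ieis(msg.udh)
    except ValueError:
        return "block"
    binary = (msg.pid == PID_SIM_DATA_DOWNLOAD or is_8bit_data(msg.dcs)
              or any(i in STK_SECURITY_IEIS for i in ieis))
    return "allow" if (not binary or msg.source in allowed_sources) else "block"

ALLOWED = frozenset({"operator-ota-platform"})
SAMPLES = [  # constructed sample traffic, not captured data
    Sms("subscriber-handset", 0x00, 0x00),                          # ordinary text
    Sms("operator-ota-platform", 0x7F, 0xF6, bytes([0x70, 0x00])),  # known source
    Sms("unknown-peer", 0x7F, 0xF6, bytes([0x70, 0x00])),           # binary, unknown
    Sms("unknown-peer", 0x00, 0x00, bytes([0x70, 0x05, 0x01])),     # truncated UDH
]

def run_samples() -> list[str]:
    return [decide(m, ALLOWED) for m in SAMPLES]
```
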

      The Times report said that Gemalto, a Dutch maker of SIM cards, has been working closely with the GSM Association and received an early outline of Nohl’s report.

      It added that Nohl said he doesn’t plan to identify the operators whose SIM cards performed poorly in his study. But at the Chaos Communication Congress, a hacker event scheduled to take place in Germany in December, he does plan to publish a list of the SIM card security used by various operators.

      Michelle Maisto
      Michelle Maisto has been covering the enterprise mobility space for a decade, beginning with Knowledge Management, Field Force Automation and eCRM, and most recently as the editor-in-chief of Mobile Enterprise magazine. She earned an MFA in nonfiction writing from Columbia University, and in her spare time obsesses about food. Her first book, The Gastronomy of Marriage, is forthcoming from Random House in September 2009.
