    Most SIM Cards Are Hackable With Two Texts: Security Firm

    By Michelle Maisto - July 23, 2013

      SIM cards are the “de facto trust anchor” of mobile devices, Security Research Labs wrote in its most recent blog post. And yet, added the German firm, it’s found a way, with just two Short Message Service (SMS) texts, to break into a mobile phone and steal information, listen in on calls and even make purchases.

      SRL estimates that more than 7 billion SIM cards are in active use today and “many, if not most” rely on ’70s-era technology that it found crackable in just days.

      Once figured out, SRL founder Karsten Nohl told The New York Times in an interview reported July 21, the process can be accomplished in two minutes, from an everyday computer.

      “We can remotely install software on a handset that operates completely independently from your phone,” Nohl told the Times. “We can spy on you. We know your encryption keys for calls. We can read your [SMSes]. More than just spying, we can steal data from the SIM card, your mobile identity, and charge your account.”

      Nohl found he was able to discover a SIM’s digital key by sending an SMS text masquerading as one sent by the phone’s wireless carrier. While most often the phones recognized that Nohl’s phone was using a false signature and broke off the communication, reported the Times, 25 percent of the time the phones responded with an error message that included its digital signature—which was enough for Nohl to figure out the SIM’s digital key.

      Nohl and his colleagues owned the phones that the hack was tried on.

      SRL plans to release the full findings of the two-year study it conducted with the GSM Association on Aug. 1 at the Black Hat security conference in Las Vegas.

      In the blog post, however, it did offer three points of advice.

      First, SRL wrote, SIM cards need to use state-of-the-art cryptography with “sufficiently long keys, should not disclose signed plaintexts to attackers and must implement secure Java virtual machines.” While some cards already do, many still don’t.

      Second, including an SMS firewall on phones could address “other abuse scenarios.”

      Lastly, it advises that networks implement filtering practices.

      “Remote attackers rely on mobile networks to deliver binary SMS to and from victim phones,” the firm said in its post. “Such SMS should only be allowed from a few known sources, but most networks have not implemented such filtering yet.”
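The network-side filtering SRL recommends can be sketched as an allowlist check on each delivered message. This is an added example, not code from SRL or from the article; it assumes the SMS-DELIVER field layout of 3GPP TS 23.040, and the allowlisted number and sample messages are constructed.

```python
# Added example: allowlist filter for binary SMS (fields per 3GPP TS 23.040).
ALLOWED_OTA_SOURCES = {"491700000001"}  # hypothetical operator OTA platform
SIM_DATA_DOWNLOAD_PID = 0x7F            # TP-PID: (U)SIM data download


def decode_address(tpdu, offset):
    """Decode the TP-OA field; return (digits, offset of the next field)."""
    ndigits = tpdu[offset]                # length counted in semi-octets
    nbytes = (ndigits + 1) // 2
    raw = tpdu[offset + 2:offset + 2 + nbytes]   # skip type-of-address octet
    if len(raw) < nbytes:
        raise ValueError("truncated address")
    # Digits are nibble-swapped BCD; an odd count ends with an 0xF filler.
    digits = "".join(f"{b & 0x0F:x}{b >> 4:x}" for b in raw)[:ndigits]
    return digits, offset + 2 + nbytes


def is_binary(dcs):
    """True when TP-DCS selects 8-bit data rather than a text alphabet."""
    if dcs & 0x80 == 0:                   # general coding groups 00xx / 01xx
        return (dcs >> 2) & 0x03 == 0x01
    if dcs & 0xF0 == 0xF0:                # data coding / message class group
        return bool(dcs & 0x04)
    return False


def filter_sms_deliver(tpdu_hex):
    """Return a verdict string for one SMS-DELIVER TPDU given as hex."""
    tpdu = bytes.fromhex(tpdu_hex)
    if len(tpdu) < 2 or tpdu[0] & 0x03 != 0x00:   # TP-MTI 00 = SMS-DELIVER
        return "skip:not-sms-deliver"
    try:
        sender, pos = decode_address(tpdu, 1)
        pid, dcs = tpdu[pos], tpdu[pos + 1]
    except (ValueError, IndexError):
        return "drop:malformed"
    if pid != SIM_DATA_DOWNLOAD_PID and not is_binary(dcs):
        return "allow:text"
    if sender in ALLOWED_OTA_SOURCES:
        return "allow:ota"
    return "drop:binary-from-unknown-source"


# Constructed sample TPDUs (sender numbers and payload bytes are made up).
BINARY_UNKNOWN = "040C919451113254767FF63170322100000004DEADBEEF"
BINARY_OPERATOR = "040C919471000000107FF63170322100000004DEADBEEF"
TEXT_UNKNOWN = "040C9194511132547600003170322100000002E834"

if __name__ == "__main__":
    for name in ("BINARY_UNKNOWN", "BINARY_OPERATOR", "TEXT_UNKNOWN"):
        print(name, "->", filter_sms_deliver(globals()[name]))
```

TP-OA is set by the submitting side, so a deployed filter would normally also check which SMSC or interconnect delivered the message.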

      The Times report said that Gemalto, a Dutch maker of SIM cards, has been working closely with the GSM Association and received an early outline of Nohl’s report.

      It added that Nohl said he doesn’t plan to identify the operators whose SIM cards performed poorly in his study. But at the Chaos Communication Congress, a hacker event scheduled to take place in Germany in December, he does plan to publish a list of the SIM card security used by various operators.

      Michelle Maisto
      Michelle Maisto has been covering the enterprise mobility space for a decade, beginning with Knowledge Management, Field Force Automation and eCRM, and most recently as the editor-in-chief of Mobile Enterprise magazine. She earned an MFA in nonfiction writing from Columbia University, and in her spare time obsesses about food. Her first book, The Gastronomy of Marriage, is forthcoming from Random House in September 2009.