million phones may be at risk due to the use of a coding pattern 70
Millions of phones may be vulnerable to eavesdropping due to the use of encryption obsolete, the 70, according to a study to be presented at the Black Hat Security Conference, which takes place on 31 July in Las Vegas.
expert in cryptography Security Research Labs, Karsten Nohl found a way around the safety of mobile phones and have access to the location of the device and the SMS functions, and allows changes in the number of voicemail.
Nohl’s research was based on the SIM card of the mobile phone, which when connected to a phone number authenticate software upgrades and the commands sent by the operator.
There are over 7 billion SIM cards in operation. To ensure privacy and security, SIM cards use encryption when communicating with the operator, but the encryption standards vary enormously.
Nohl’s research found that many SIMs use an encryption standard that dates back to the ’70s, called DES (Data Encryption Standard). The DES has been considered as a form weak encryption, and many traders have evolved safest forms of encryption. It is relatively easy to discover the private key used to sign the content encrypted with DES. The specialist Resear Security Labs did it in two minutes with a simple computer.
private DES key in hand, you can “subscribe” to updates malware with it and send to the device. The device identifies as sent by a legitimate source and allows access to sensitive data.
Using the private keyYES, an attacker can force the SIM card to load Java applets, which are essentially small programs that perform some function. These applets can send SMS, voicemail or change the location of the call, including predefined functions. “These features provide only a huge potential for abuse,” according to the company.
One of the possible solutions to the problem would be the use of SIM cards with high-level encryption and the use of Java virtual machines that restrict access to certain applets.
No comments:
Post a Comment