A researcher has discovered a vulnerability that allows, by sending some SMS, gain access to the SIM card of a user in order to listen to calls, send messages and steal data
Neither the SIM card, one of the key elements that allow us to use the services of a telecom operator a mobile phone, is immune to potential computer threats. According to Karsten Nohl of Security Research Labs, some SIM cards are vulnerable to a security flaw that allows itself to be exploited by some simple text messages.
To camouflage a SMS in order to make it appears to have been sent by a telecom operator, Nohl says that – in a quarter of cases – is received back an error message with the information necessary to access the digital switch SIM card. Access to this information, in turn, enables the sending of an SMS that opens up the card in order to listen to calls, send messages, make purchases via the phone or steal data. This process does not take more than “two minutes and uses a simple personal computer”, although only affecting SIM cards availing the old standard for encrypted data (DES). It should be noted that the other three quarters of SIM cards that use the old DES system recognize the initial message as fraudulent, while SIM cards covered by the new standard Triple DES are unaffected. There are not yet a concrete number for SIM cards that are affected by this vulnerability, but Nohl moves an estimated 750 million. SIM card manufacturers, telecom operators and even the GSM Association are already well informed about this vulnerability.telemoveis.com *
No comments:
Post a Comment