Karsten Nohl, founder of Berlin's Security Research Labs (SRL), has given basic details of more detailed research that he intends to present at Black Hat Las Vegas on 31st July. Some details have been presented in a brief paper on the SRL website, and more in interviews with Forbes and the New York Times.

Forbes states that using his technique, hackers could start with a list of one hundred phones and ultimately compromise 13 with a virus. This would suggest that around the world, something like 500 million phones are vulnerable. According to the NYT, however, Nohl "estimates as many as 750 million phones may be vulnerable to attacks." Whatever the exact number, the vulnerability seems to affect primarily older phones with older encryption – more specifically, devices that protect the SIM card with DES rather than Triple-DES.

"DES keys were shown to be crackable within days using FPGA clusters, but they can also be recovered much faster by leveraging rainbow tables," says SRL. Once this has been done, over-the-air (OTA) updates can be sent remotely to the target device. These are SMS messages used to update the phone's software, but could be used by an attacker to install a malicious applet. "Applets are allowed to send SMS, change voicemail numbers, and query the phone location, among many other predefined functions," says SRL. "These capabilities alone provide plenty of potential for abuse."

To get the cryptographic key, Nohl sends the device an improperly signed OTA command. This is rejected by the device, but it "does in many cases respond to the attacker with an error code carrying a cryptographic signature, once again sent over binary SMS." Rainbow tables on a standard PC can then crack a DES signature in less than two minutes, and the cracked signature can be used to install a malicious Java applet.

Java sandboxing on the device should prevent bad behavior, but, says SRL, "The Java sandbox implementations of at least two major SIM card vendors, however, are not secure: A Java applet can break out of its realm and access the rest of the card."

SIM card hacking, also known as a SIM Swap Attack, SIM Port Hacking, or SIM Hijacking, occurs when a hacker persuades your cell phone carrier to move your cell phone number over to their device instead of yours. This causes any calls or texts to go to the hacker’s device instead of your own.

It is not thought that any hackers have access to this vulnerability, and the mobile industry is already working on a solution. SRL suggests three potential avenues: better cryptography with secure Java virtual machines; an SMS firewall built into the handset, which could also address the 'silent SMS' abuse; and whitelist filtering to allow binary SMS messages only from a few known sources.