Saturday, July 27, 2013

SIM security flaw EXposed!!!

Karsten Nohl, founder of Security Research Labs in Berlin, told the New York Times on Sunday that he has discovered a flaw in the encryption technology used in some SIM cards. This vulnerability could allow hackers to eavesdrop on the device owner while in a call, make purchases through mobile payment systems, and possibly even impersonate the device owner. Around 750 million devices could be vulnerable to attacks thanks to this flaw. According to the paper, the newly discovered encryption hole allows the attacker to obtain the SIM card's 56-digit key. Nohl said that he was able to acquire a key by sending the target device an SMS using a false signature for the device's wireless carrier. Typically, both the device and wireless carrier verify their identities by comparing digital signatures. If a device recognizes a false signature, it will end transmission. <more>

No comments: