Is Your Mobile Phone SIM Card Really Safe And Secure? | TechTree.com

Is Your Mobile Phone SIM Card Really Safe And Secure?

New information reveals that it is inherently quite vulnerable to attacks.

 

Millions of mobile phone users are said to be at risk of being hacked and losing confidential information, thanks to a vulnerability that is inherent to SIM cards. Leading security expert Karsten Nohl has revealed that it is possible to discover digital keys associated with a SIM, by sending it a special text message. This can potentially be used by cybercriminals to steal cash or other information from the subscriber. Apparently, one in eight SIM cards can face this security flaw.

The vulnerability has been blamed on SIMs using outdated DES encryption to receive OTA commands, instead of the newer and better AES or 3DES. Once the hacker sends such a message to the target SIM, it replies with an error code with a cryptographic signature, which the hacker can then decrypt on a standard computer in just 2 minutes! After has gains complete access to the SIM, the hacker can then proceed to deploy malware in the form of applets that downloads to the SIM and can undertake tasks such as sending unauthorised SMS, change voicemail numbers, and query your location.

All is not lost, as there is light at the end of the tunnel. Nohl mentions that there are ways to secure such SIMs. The first thing to do is to install the latest SIM cards, which come with state-of-the-art cryptography. The second measure needs to be implemented by handset makers, with an SMS firewall option to prevent such scenarios by prohibiting silent SMS. The third and the last mentioned step has to be taken by the network operator, by enabling SMS filtering at their end. This will prevent remote attackers from using their network to deliver the hack SMS to the victim's SIM.


TAGS: Mobile Phones, Security

 
IMP IMP IMP
##