SIM card is revealed free SMS send 750 million phones under threat |
IT information network On July 22, 2013

Phoenix technology-the news July 22, according to the New York Times reported, Germany a mobile security expert has revealed his mobile phone SIM card was found a vulnerability on the secure encryption technology, hackers exploit the vulnerability the user calls for control and cybercrime.

Germany Berlin "security research laboratory" the founder kasiteng·nuoer (Karsten Nohl), the encryption vulnerability could allow hackers to obtain on the SIM card SIM number keys – a 56-bit numeric sequence, hackers use this key to open the SIM card chip and to modify it.

Noel also stated that when he obtained the keys, via a text message to the SIM card user to send viruses, hackers can get the mobile payment systems are user calls, shopping, and even mobile phone ownership to foreign calls. Noel says, by vulnerability to get a SIM card users it takes about two minutes, but just a simple personal computer. He estimated that about as much as 750 million cell phones may be under attack.

"We can remotely install spyware on your phone, and your cell phone completely independent operation. "Noel said," we can watch you. We know that your encryption key on the phone. We can read your messages. We are not only able to keep tabs on your phone, we can also steal your SIM data, or even move your identity and money in your account. ”

Noel said his SIM card by encryption vulnerability exists, because the SIM card is encrypted using a 70-put on, is known as "data encryption standard" (the data encryption standard, referred to as "D.E.S." ) Encryption method. After discovering the flaw and adopted him two years, runs mobile networks in Europe and North America 1000 study on universal mobile phone SIM cards (of course, these phones and SIM cards are all that he and his research team members). Noel says, the study found some one-fourth SIM card still runs the old encryption technologies for vulnerabilities.

It is learnt that the everyday mobile phones in the world at present, there are about 6 billion, of which approximately half of the phones used "D.E.S." Encryption technology. In the past ten years, most operators began using what are called "three dimensional D.E.S", confidentiality, the stronger encryption methods, but many operators are still using the old standard. Encryption is to cover up the SIM card, so that each cell phone has a unique digital signature.

GSM Association spokesman kelaierkelaier·kelandun (Claire Cranton) said in a statement that "we have taken into account the consequences, and direct those network operators and suppliers of SIM to consider may be affected. "She adds, probably only a minority of cell phone use" vulnerable "old standards.

Clanton Noel estimate "will have 750 million phones potential attacks may" comment declined to comment before an assessment and that black hat Conference in Las Vegas, GSM Association will not comment on this.

Netherlands large SIM vendor Gemalto said the GSM Association are on the preliminary findings of the company informed about Noel plus Germany SIM card manufacturer Giesecke&Devrient company also said that it had "analyzed the attack package".

Noel said that he had suggested and chip manufacturers to use the GSM Association better filtering technology to prevent similar attacks. He recommended that operators to gradually phase out the use of "D.E.S.", instead use SIM cards of new encryption technologies. He also added that when consumers use a SIM card after more than three years, carriers should give users replace the SIM card.

Giesecke&Devrient company said in a statement that it had starting from 2008 to gradually phase out the use of "D.E.S." Encryption of the SIM card. This Germany companies said that their SIM card uses a unique operating system, and even use "D.E.S." Encryption technology, there will be no Noel referred to the kind of "message authentication code".

(SIM卡被曝可用短信发送病毒 7.5亿部手机受威胁 | IT资讯网
2013年07月22日

凤凰科技讯 北京时间7月22日消息，据《纽约时报》报道，德国一位移动安全专家日前透露，其发现了手机SIM卡安全加密技术上的一处漏洞，黑客利用该漏洞可对用户电话进行控制并构成网络犯罪。

德国柏林的“安全研究实验室”创始人卡斯滕·诺尔(Karsten Nohl)表示，SIM卡上的该加密漏洞允许黑客获取SIM的数字密钥——一个56位的数字序列，黑客利用该密钥可打开SIM卡芯片并对之进行修改。

诺尔还称，当他获得该密钥后，可通过一条文本短信向该SIM卡用户发送病毒，致使黑客能够监听用户来电、通过移动支付系统购物，甚至以手机主人身份对外通话。诺尔称，通过SIM卡漏洞搞定一个用户需约两分钟时间，而且仅需一台简单的个人电脑。他估计约有高达7.5亿手机可能受到攻击。

“我们可以通过远程方式在你的手机上安装间谍软件，与你的手机完全独立运作。”诺尔表示，“我们可以监视你。我们知道你通话的加密键。我们可以阅读你的短消息。我们并不仅仅能够监听你的电话，我们还可以窃取你的SIM数据，甚至是你的移动身份和你的账户里的资金。”

诺尔称，他所发现的SIM卡加密漏洞之所以存在，是因为这些SIM卡加密使用了一种上世纪70年代提出、被称为“数据加密标准”（data encryption standard，简称为“D.E.S.”）的加密方法。发现该漏洞后，他通过两年时间，在运行于欧洲和北美移动网络上的1000部手机的SIM卡进行了普遍性研究（当然，这些手机和SIM卡均属于他本人和他的研究团队成员所有）。诺尔称，研究发现大约有四分之一的SIM卡仍运行了存在安全漏洞的老的加密技术。

据悉，当前全球日常使用的手机大约有六十亿部，其中大约一半手机都采用了“D.E.S.”加密技术。在过去的十年时间里，大多数运营商开始采用一种被称为“三维D.E.S”、保密性更强的加密方法，但许多运营商仍旧在使用老标准。加密是为了掩饰SIM卡，使每部手机都拥有独特的数字签名。

GSM协会发言人克莱尔克莱尔·克兰顿(Claire Cranton)在一份声明中表示，“我们已经考虑到此事后果，并指导这些网络运营商和SIM供应商考虑可能会受到的影响。”她补充说，很可能只有少数手机使用了“易受攻击”的老标准。

克兰顿对于诺尔估计“将有7.5亿部手机潜在受到攻击的可能”的评论拒绝置评，并表示在拉斯维加斯黑帽大会作出评估之前，GSM协会不会对此进行评论。

荷兰大型SIM供应商Gemalto表示，GSM协会已向该公司通知了关于诺尔的初步发现；此外，德国SIM卡制造商Giesecke & Devrient公司也表示，其已“分析了这一攻击方案”。

诺尔表示，他曾建议GSM协会和芯片制造商使用更好的过滤技术来阻止类似攻击。他建议运营商逐步淘汰使用“D.E.S.”、转而使用新的加密技术的SIM卡片。他还补充说，当消费者使用的SIM卡超过三年时间后，运营商应该给用户更换新的SIM卡。

Giesecke & Devrient公司在一份声明中说，它已从2008年开始逐步淘汰使用“D.E.S.”加密技术的SIM卡。这家德国公司表示，它们的SIM卡使用了独特的操作系统，甚至使用了“D.E.S.”加密技术，也不会出现诺尔所述的那种“身份验证代码消息”的情况。

)