Weak SIM card encryption and confidential information leakage

Source: Internet
Author: User

Release date:
Updated on: 2013-07-26

Affected Systems:
SIM card vendor SIM Cards
Description:
--------------------------------------------------------------------------------
SIM is short for Subscriber Identity Module (Customer Identification Module); the SIM card is also known as a smart card or user identification card. This card must be installed on a GSM digital mobile phone.

Data and applications on SIM cards can be remotely managed through OTA (Over-the-Air) technology. The carrier can push custom Java software to the SIM card in OTA mode to extend its functionality.

Some SIM cards have design and implementation problems. Some SIM cards use the obsolete DES encryption method from the 1970s to sign data and applications. In some cases, an attacker may obtain response data containing key information. A malicious app carrying the signature can then easily be pushed to the SIM card for installation and execution, and more confidential information can be obtained to copy the user's SIM card.

<* Source: srlabs

Link: https://srlabs.de/rooting-sim-cards/
*>

Suggestion:
--------------------------------------------------------------------------------
Temporary solution:

If you cannot install or upgrade the patch immediately, NSFOCUS recommends that you take the following measures to reduce the threat:

* Use a more advanced SIM card.

* Use the SIM card firewall on your mobile phone.

* Have the carrier filter binary SMS messages based on their source.
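
One way to express the carrier-side measure above, filtering binary SMS by source, as an added example that is not part of the original advisory or any vendor's code. It assumes the SMS-DELIVER TPDU layout of 3GPP TS 23.040, treats TP-PID 0x7F or an 8-bit TP-DCS as "binary", and uses a hypothetical allowlist (`TRUSTED_OTA_SOURCES`) and constructed sample PDUs.

```python
# Added example: source-based filtering of binary SMS at a carrier SMS firewall.
# Field offsets follow the SMS-DELIVER TPDU layout (3GPP TS 23.040); the
# allowlist and the sample PDUs are constructed for illustration.

TRUSTED_OTA_SOURCES = {"15550100"}  # hypothetical address of the carrier's OTA platform
PID_SIM_DATA_DOWNLOAD = 0x7F        # TP-PID value that routes the message to the SIM

def parse_deliver(tpdu_hex):
    """Return source address, TP-PID and TP-DCS of an SMS-DELIVER TPDU."""
    b = bytes.fromhex(tpdu_hex)          # raises ValueError on non-hex input
    if len(b) < 2 or b[0] & 0x03 != 0:   # TP-MTI 00 = SMS-DELIVER
        raise ValueError("not an SMS-DELIVER TPDU")
    ndigits = b[1]                       # address length in semi-octets
    alen = (ndigits + 1) // 2
    if len(b) < 3 + alen + 2 + 7 + 1:    # TOA, address, PID, DCS, SCTS, UDL
        raise ValueError("truncated TPDU")
    # Address digits are stored as swapped nibbles, low nibble first.
    digits = "".join(f"{x & 0x0F:X}{x >> 4:X}" for x in b[3:3 + alen])[:ndigits]
    return {"source": digits, "pid": b[3 + alen], "dcs": b[4 + alen]}

def is_8bit_data(dcs):
    """True when TP-DCS (3GPP TS 23.038) declares an 8-bit binary payload."""
    if dcs & 0x80 == 0:                  # general data coding groups 00xx/01xx
        return (dcs >> 2) & 0x03 == 1
    if dcs & 0xF0 == 0xF0:               # data coding / message class group
        return bool(dcs & 0x04)
    return False

def filter_sms(tpdu_hex):
    """Block binary SMS from unlisted sources; fail closed on malformed input."""
    try:
        msg = parse_deliver(tpdu_hex)
    except ValueError:
        return "block"
    binary = msg["pid"] == PID_SIM_DATA_DOWNLOAD or is_8bit_data(msg["dcs"])
    if binary and msg["source"] not in TRUSTED_OTA_SOURCES:
        return "block"
    return "allow"

# Constructed samples: timestamp 2013-07-26 12:00:00, payload bytes are placeholders.
SCTS = "31706221000000"
SAMPLES = {
    "binary, unlisted source": "04089151551099" + "7FF6" + SCTS + "020000",
    "binary, listed source":   "04089151551000" + "7FF6" + SCTS + "020000",
    "text, unlisted source":   "04089151551099" + "0000" + SCTS + "02E834",
    "truncated":               "0408915155",
}
```

Ordinary text messages pass regardless of sender; only messages marked as binary are checked against the allowlist.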

Vendor patch:

SIM card manufacturers
---------
Currently, the vendor has not provided patches or upgrade programs. We recommend that you keep an eye on the vendor's homepage to obtain the latest version.
