SIM card is exposed using SMS to send virus 750 million phone or affected

Source: Internet
Author: User
Keywords SMS SIM card
Phoenix Science and technology news Beijing Time, July 22, according to the New York Times, a German mobile security experts said recently, it found a mobile phone SIM card security technology in a loophole, hackers use this vulnerability to user phone control and constitute cybercrime. Kasten Nore Karsten Nohl, founder of the Security Research Laboratory in Berlin, said the encryption flaw on the SIM card allowed hackers to get the SIM's digital key-a 56-digit sequence of digits that hackers could use to open the SIM card chip and modify it. Noel also said that when he received the key, the SIM card users can send the virus through a text message, so that hackers can monitor the user calls, through the mobile payment system shopping, or even as a mobile phone owner to speak outside. According to Noel, it takes about two minutes to get a user through a SIM card, and only a simple personal computer. He estimates that up to 750 million phones could be attacked. "We can remotely install spyware on your phone and operate completely with your phone," he said. "We can spy on you," says Noel. We know the encryption key for your call. We can read your short message. We're not just listening to your phone, we can also steal your SIM data, even your mobile identity and the money in your account. "The SIM card encryption flaw that he discovered exists because these SIM cards are encrypted using a" Data Encryption Standard "(encryption standard, referred to as" the D.e.s. "), which was introduced in the 70 's. Encryption method. After discovering the vulnerability, he conducted a universal study through two years of SIM cards on 1000 mobile phones running on the European and North American mobile networks (of course, these phones and SIM cards are owned by both himself and his research team). According to Noel, the study found that about One-fourth of the SIM cards still run the old encryption technology with security vulnerabilities. It is reported that the current global use of mobile phones around 6 billion, of which about half of the mobile phones are used "D.E.S." Encryption technology. For the past 10 years, most operators have been using a more secure encryption method known as "three-dimensional d.e.s", but many carriers are still using old standards. Encryption is to disguise the SIM card, so that each cell phone has a unique digital signature. "We have taken into account the consequences and instructed the network operators and SIM suppliers to consider the possible impact," Claire Cranton, spokesman for the GSM association, said in a statement Clerclers Clanton. She adds that it is likely that only a handful of mobile phones use the old "vulnerable" standard. Clanton declined to comment on Noel's comments that "there will be 750 million potential attacks on mobile phones," and said the GSM association would not comment on the review before the Las Vegas Black Hat conference. Holland BigSIM supplier Gemalto said the GSM Association had informed the company of the initial findings of Noel, and the German SIM card maker Giesecke & Devrient said it had "analyzed the attack plan". Noel said he had suggested that GSM associations and chip makers use better filtration techniques to prevent similar attacks. He advises operators to phase out SIM cards that use "D.E.S." Instead of using new encryption techniques. He added that when consumers use a SIM card for more than three years, the operator should replace the new SIM card for the user. Giesecke & Devrient said in a statement that it had been phasing out the use of "D.E.S" since 2008. Encryption technology SIM card. The German company says its SIM card uses a unique operating system and even uses "D.E.S." Encryption technology, there will be no "authentication code messages" as described in Noel. (Compile/Joshui)
Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.