The 'new' SIM card exploit probably doesn't concern you

Over the weekend some news broke about an exploit that affects millions of phone users. Apparently, the encryption used has a flaw that allows a hacker to clone the encryption credentials of a SIM (Subscriber Identity Module) card, potentially allowing them to clone your SIM card and retrieve things like information about your plan and payments, or identify you on the network.

It sounds scary, and it is for the 500 million affected SIM cards in the wild. But like any good security scare worth its salt, there's a lot more to the story than we're hearing. Click through and we'll talk about it a bit.

How it works

An attacker sends a command that looks a lot like the one your carrier sends to let your phone know an over-the-air (OTA) update is ready. The command is invalid, because the attacker doesn't have the correct encryption key. Your phone then sends back an error message that is signed with the correct key. That signed error is all the attacker needs: with software that brute-forces the 56-bit DES key from the message and its signature, they end up with a copy of the key. Using this valid key, a new OTA message can be sent, which your phone will download because the signature checks out. That OTA can carry an application that reads out all your SIM card data, allowing the attacker to clone it.

With this cloned copy of your SIM, they can then authenticate themselves as you on the carrier network. Sounds frightening, right?
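As an added illustration, not code from the original article, here is a toy simulation of the exchange described above: the SIM rejects the forged command but signs its error reply, handing the attacker a message/signature pair that can be searched offline for the key. The 16-bit key, the HMAC-based signature and the message strings are all constructed stand-ins for the 56-bit DES key and the real OTA signature format.

```python
import hmac
import hashlib

# Toy stand-in for the SIM's OTA key. The real flaw is a 56-bit DES key;
# a 16-bit key keeps this search instant. Both values are constructed.
KEY_BITS = 16
SIM_KEY = (0x5A3C).to_bytes(2, "big")  # secret held only by the simulated SIM


def sign(key: bytes, message: bytes) -> bytes:
    """Stand-in for the OTA message signature (HMAC here, DES-based on real SIMs)."""
    return hmac.new(key, message, hashlib.sha256).digest()[:8]


def sim_handle_ota(command: bytes, signature: bytes):
    """Simulated SIM: rejects a badly signed command, but its error reply is itself signed."""
    if hmac.compare_digest(sign(SIM_KEY, command), signature):
        return b"OK", sign(SIM_KEY, b"OK")
    error = b"ERR:bad-signature:" + command[:8]
    return error, sign(SIM_KEY, error)  # this signed reply is the leak the article describes


def recover_key(message: bytes, signature: bytes, key_bits: int = KEY_BITS):
    """Offline search: try every key of the given size until one reproduces the observed signature."""
    key_len = (key_bits + 7) // 8
    for k in range(1 << key_bits):
        candidate = k.to_bytes(key_len, "big")
        if sign(candidate, message) == signature:
            return candidate
    return None


def demo():
    """Run the exchange end to end: forged command in, signed error out, key recovered offline."""
    bogus_cmd = b"OTA-UPDATE-AVAILABLE"          # constructed: attacker has no key, so the signature is garbage
    reply, reply_sig = sim_handle_ota(bogus_cmd, b"\x00" * 8)
    recovered = recover_key(reply, reply_sig)     # works only because the key space is small
    return reply, recovered


if __name__ == "__main__":
    reply, recovered = demo()
    print(reply, recovered.hex(), recovered == SIM_KEY)
```

Each extra key bit doubles the search, so the real 56-bit case is about 2^40 times larger than this toy, which is why the article's "some software" means a serious cracking effort rather than a one-second script.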

What we don't know

There is one big ugly problem with all of this. The encryption method that can be broken, DES-56, was originally cracked in 1998 by the EFF. By now, nobody should be using a known broken encryption method. Of the seven billion plus SIM cards in existence, approximately 500 million are affected.

500 million of anything is a lot, but compared to 7 billion (with a b) it's a small portion. The reports about this flaw all leave out the most vital information -- who, exactly, can be affected by this exploit?

The folks who re-discovered the DES-56 crack, led by Karsten Nohl, chief scientist at Security Research Labs in Berlin, are giving a big speech about the exploit at the Black Hat conference in Vegas at the end of July. Until then, we don't really have the details. We'll let you know more when someone decides to let us know.

In the meantime, put the tin foil away. We'll know all the details in about a week.

Jerry Hildenbrand
Senior Editor — Google Ecosystem

Jerry is an amateur woodworker and struggling shade tree mechanic. There's nothing he can't take apart, but many things he can't reassemble. You'll find him writing and speaking his loud opinion on Android Central and occasionally on Threads.