Security researcher Karsten Nohl has shown that if you send some mobile phones an SMS that appears to originate with the phone company, the phone will SMS back an error message containing sensitive info about its SIM. With this info, you can send another SMS that terminally compromises the phone, giving the attacker the ability to listen in on calls, read texts, and impersonate the phone's owner. He disclosed the vulnerability to the GSM association early, and on August 1 he'll present his work at Black Hat in Las Vegas. At the root of the problem is a reliance on an older, compromised form of crypto, DES:
For each message, the network and the phone verify their identities by comparing digital signatures. The message sent by Mr. Nohl deliberately used a false signature for the network. In three-quarters of messages sent to mobile phones using D.E.S. encryption, the handset recognized the false signature and ended communication.
But in a quarter of cases, the phone broke off the communication and sent an error message back to Mr. Nohl that included its own encrypted digital signature. The communication provided Mr. Nohl with enough information to derive the SIM card’s digital key.
Mr. Nohl said he had advised the GSM Association and chip makers to use better filtering technology to block the kind of messages he had sent. He also advised operators to phase out SIM cards using D.E.S. encryption in favor of newer standards. He added that consumers using SIM cards more than three years old should get new cards from their carriers.
Encryption Flaw Makes Phones Possible Accomplices in Theft
(Image: MTN SIM card, a Creative Commons Attribution Share-Alike (2.0) image from warrenski's photostream)
There’s a wealth of found-comedy in watching this gang of armed, helmeted robbers try in vain to smash the glass in this Malaysian jewelry store in Jalan Besar, Sungai Buloh: the hammers bounce off the fantastically tough glass, whose resilience is positively otherworldly, while the otherwise beautifully choreographed robbery (which includes some pretty snazzy outfits!) […]
Ladder lockdown is a metal tray with super-grippy patches on its underside; set it down on any surface (including ice!) and then set your ladder’s feet in the tray and cinch it in place and the ladder won’t “kick out” and injure you and your loved ones.
Eser Dominoes are an interesting proof of concept that won a juried award at the 14th Japan Media Arts Festival.
The TREBLAB X11 Earphones are versatile, offer great sound, and are currently $32.99 in the Boing Boing Store.These Bluetooth earbuds are a great workout companion. They’re totally sweat proof and their ear-fins keep them snugly in place during high activity — something that Apple’s AirPods can only do if you were blessed with precisely the […]
Whether you’re a seasoned entertainment industry veteran or a student working on your first spec script, having the right tool for the job will make a huge difference in your focus and productivity.Final Draft 10 is far and away the world’s best screenwriting software, used extensively by professional film and TV writers at top production […]
Web content creators who don’t have a solid SEO strategy should take note of Webtexttool. It’s a service that pulls in anonymous data from their entire user base to offer crowdsourced guidance that increases your search page ranks. By analyzing prior user successes, it helps you better gauge how your posts will perform at a […]