Security researcher Karsten Nohl has shown that if you send some mobile phones an SMS that appears to originate with the phone company, the phone will SMS back an error message containing sensitive info about its SIM. With this info, you can send another SMS that terminally compromises the phone, giving the attacker the ability to listen in on calls, read texts, and impersonate the phone's owner. He disclosed the vulnerability to the GSM association early, and on August 1 he'll present his work at Black Hat in Las Vegas. At the root of the problem is a reliance on an older, compromised form of crypto, DES:
For each message, the network and the phone verify their identities by comparing digital signatures. The message sent by Mr. Nohl deliberately used a false signature for the network. In three-quarters of messages sent to mobile phones using D.E.S. encryption, the handset recognized the false signature and ended communication.
But in a quarter of cases, the phone broke off the communication and sent an error message back to Mr. Nohl that included its own encrypted digital signature. The communication provided Mr. Nohl with enough information to derive the SIM card’s digital key.
Mr. Nohl said he had advised the GSM Association and chip makers to use better filtering technology to block the kind of messages he had sent. He also advised operators to phase out SIM cards using D.E.S. encryption in favor of newer standards. He added that consumers using SIM cards more than three years old should get new cards from their carriers.
Encryption Flaw Makes Phones Possible Accomplices in Theft
(Image: MTN SIM card, a Creative Commons Attribution Share-Alike (2.0) image from warrenski's photostream)
A flashlight review that begins with the promise “I’m about to hike through a remote canyon to an abandoned mine, and I gotta tell you there’s a storm raging outside” should end on an interesting note, and this one does. [via] Disturbing, strange sounds. That’s exactly what I caught on video while filming and documenting […]
Reflectacles, the hyper-reflective Ray Ban-style $75 glasses frames that Scott Urban is Kickstarting have a new feature: now you can get ones doped with materials that reflect the infrared light that CCTVs kick out to let them capture images in low light, which blind cameras’ sensors. Cool!
Typewriter historian Martin Howard (previously) writes, “I was able to pick up a rare and exquisite Waverley typewriter (1896) this summer in Scotland and have just the other day posted it to my website all cleaned and ready to show.”
Loot Crate is a totally different kind of subscription service that mails subscribers monthly boxes filled with curated geek, pop culture, and gamer paraphernalia. Its cult following awaits a box every month filled with everything from bobble heads to T-shirts to special edition collectibles. But nothing gets Loot Crate fans as excited as the limited […]
The ARMOR-X Mini Flexible Phone Tripod is a smartphone tripod that is designed with flexible legs to rest on virtually any type of surface. Other tripods have proved useless unless I conveniently have a flat surface in front of me, which is why this particular tripod was appealing enough to try out. The ARMOR-X is compact and easy […]
You don’t need to get an advanced degree and take out massive loans to become a coder. This bundle of 10 courses was designed to teach anyone to code at home for less than it costs to go out for dinner. I was particularly impressed with this new 2017 bundle because it includes courses on […]