Author: Debian (Debian)
Board: MobileComm
Title: [News] Berlin's Security Research Labs finds SIM card security concerns
Time: Tue Jul 23 02:46:49 2013
Karsten Nohl, the founder of Berlin's Security Research Labs, has announced an exploit for SIM cards using the outdated 56-bit DES algorithm for its signature verification. The security researcher found that it was possible to exploit the SIM card's SMS over the air (OTA) update system that is built with Java Card — a subset of Java that allows applets to run on small memory devices.

"OTA commands, such as software updates, are cryptographically secured SMS messages, which are delivered directly to the SIM," said a blog post on SRLabs.de. "While the option exists to use state-of-the-art AES or the somewhat outdated 3DES algorithm for OTA, many (if not most) SIM cards still rely on the '70s-era DES cipher."

DES is no longer recommended for modern-day use, after being shown to be breakable in 1998. The DES cracker used by the Electronic Frontier Foundation (EFF) in 1998 took 56 hours to complete the brute-force attack; Nohl was able to crack the DES encryption in two minutes on a modern computer with the use of rainbow tables.

The attack vector that Nohl used starts by sending an improperly signed binary SMS to the target device, which will not be executed by the SIM because of a signature verification failure, but sometimes a target will respond with an error code that contains the device's cryptographic signature. Once this signature is resolved using a rainbow table, the DES key is known within a couple of minutes. From this point, the attacker is able to send properly signed binaries that could allow them to download Java Card applets, send SMSes, change voicemail numbers, and query location data. The SIM can also be cloned and used in a variety of mobile payment solutions that rely on payment credentials stored in the SIM.

Three options for a better defence against the attack are noted in the blog post. The simplest is updating the cryptographic algorithms used in SIM cards, with an alternative being the addition of a handset SMS firewall to allow users to select which sources of binary SMS to trust. The final recommendation was for the network carriers to filter binary SMS sources themselves.

Up to 750 million phones may be vulnerable, Nohl told The New York Times. "We can remotely install software on a handset that operates completely independently from your phone," Nohl told the NYT. "We can spy on you. We know your encryption keys for calls. We can read your SMSes. More than just spying, we can steal data from the SIM card, your mobile identity, and charge to your account."

Nohl came to prominence in 2009 when he cracked the algorithm used to encrypt calls made on GSM networks. The research will be presented by Nohl at the upcoming BlackHat conference on July 31.
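http://www.zdnet.com/des-encryption-leaves-sim-cards-vulnerable-to-exploitation-7000018352/

I was looking through this year's Black Hat conference agenda when I came across this news, and then looked up some foreign media coverage. It looks like quite a few SIM cards are affected. I hope no malicious hacker deliberately attacks them, otherwise this would become a really big deal. Looking forward to whatever surprising findings this year's Black Hat conference brings :). I am also adding the official press release from Berlin's Security Research Labs:

https://srlabs.de/rooting-sim-cards/

--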
※ Posted from: 批踢踢實業坊 (ptt.cc) ◆ From: 111.243.1.100
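The second and third defences named in the quoted article (a handset SMS firewall and carrier-side filtering of binary SMS sources) both come down to recognising a binary or SIM-directed SMS and checking who sent it. The sketch below is an added example, not code from the post, ZDNet or SRLabs; the `Sms` fields, the allowlist entry and the verdict strings are assumptions, while the TP-PID and TP-DCS bit layouts follow 3GPP TS 23.040 and TS 23.038.

```python
from dataclasses import dataclass

SIM_DATA_DOWNLOAD_PID = 0x7F  # TP-PID "(U)SIM Data download" (3GPP TS 23.040)

# Assumption: the originators an operator really uses for OTA (constructed value).
TRUSTED_OTA_SOURCES = {"+10000000001"}


@dataclass
class Sms:
    originator: str  # TP-OA rendered as a string (hypothetical field name)
    pid: int         # TP-PID octet
    dcs: int         # TP-DCS octet


def decode_dcs(dcs):
    """Return (is_8bit_data, message_class or None) per 3GPP TS 23.038."""
    group = dcs >> 4
    if group <= 0x7:  # general data coding groups 00xx and 01xx
        is_8bit = ((dcs >> 2) & 0x3) == 0x1
        msg_class = dcs & 0x3 if dcs & 0x10 else None  # bit 4: class is valid
        return is_8bit, msg_class
    if group == 0xF:  # data coding / message class group
        return bool(dcs & 0x4), dcs & 0x3
    return False, None  # message-waiting and reserved groups: not binary


def verdict(sms):
    """Deliver text SMS; deliver binary or SIM-directed SMS only from trusted sources."""
    is_8bit, msg_class = decode_dcs(sms.dcs)
    # Class 2 messages and PID 0x7F are routed to the SIM rather than the user.
    sim_directed = sms.pid == SIM_DATA_DOWNLOAD_PID or msg_class == 2
    if not (is_8bit or sim_directed):
        return "deliver"
    return "deliver" if sms.originator in TRUSTED_OTA_SOURCES else "block"


if __name__ == "__main__":
    # Constructed sample messages, not captured traffic.
    for m in (Sms("+10000000002", 0x7F, 0xF6),   # SIM data download, unknown source
              Sms("+10000000001", 0x7F, 0xF6),   # same message, allowlisted source
              Sms("+10000000002", 0x00, 0x00)):  # ordinary 7-bit text
        print(m, "->", verdict(m))
```

A filter like this only narrows who can reach the SIM's OTA interface; the article's first option, moving the cards off DES, is what removes the weak key itself.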