Sim Card vulnerability exposes millions of phones worldwide

(Credit: Amanda Kooser/CNET)

A vulnerability on SIM cards used in some mobile phones could allow malware infection and surveillance, a security researcher warns.

Karsten Nohl, founder of Security Research Labs in Berlin, told The New York Times that he has identified a flaw in SIM encryption technology that could allow an attacker to obtain a SIM card’s digital key, the 56-digit sequence that allows modification of the card. The flaw, which may affect as many as 750 million mobile phones, could allow eavesdropping on phone conversations, fraudulent purchases, or impersonation of the handset’s owner, Nohl warned.

“We can remotely install software on a handset that operates completely independently from your phone,” warned Nohl, who said he managed the entire operation in less than two minutes using a standard PC. “We can spy on you. We know your encryption keys for calls. We can read your SMSs. More than just spying, we can steal data from the SIM card, your mobile identity, and charge to your account.”

The vulnerability was found in the Digital Encryption Standard, a cryptographic method developed by IBM in the 1970s that is used on about 3 billion cell phones every day. While the encryption method has been beefed up in the past decade, many handsets still use the older standard.

Tests showed that 1,000 cards in Europe and North America exhibited signs of the flaw. Nohl, who plans to detail the flaw at the Black Hat security conference in Las Vegas next month, said he has already shared the results of his two-year study with GSM Association, a trade group representing the cell phone industry.

GSM Association spokeswoman Claire Cranton told the Times that her organization had already passed the results on members of its group that still rely on the older standard.

“We have been able to consider the implications and provide guidance to those network operators and SIM vendors that may be impacted,” Cranton said in a statement.

Nohl, who has a doctorate in computer engineering from the University of Virginia, made headlines in 2008 by publicizing weaknesses in wireless smart card chips used in transit systems around the globe. A year later, he cracked the algorithm used on GSM (Global System for Mobile Communications) cell phones, which is designed to prevent attackers from eavesdropping on calls.


JuiceSky – today’s lifestyle advertisement mobile app


JuiceSky is your today’s leading lifestyle advertisement website delivering you with the latest happening and exciting promotions virtually through the World Wide Web and to your mobile devices.

JuiceSky is all about working together with your business in terms of marketing your advertisement to customers. It’s easy, effective and affordable. We help customers find you.

Finding the right advertisement is simple with JuiceSky. You have the power to choose from our categories or simply do a quick search. We deliver the right interest to you.

iPhone 5 trumped Galaxy S4 on user complaints at launch

Users have a love/hate relationship with these two, but one received a little more hate at launch. (Credit: CNET)

Users have a love/hate relationship with these two, but one received a little more hate at launch.
(Credit: CNET)

If you believe the griping on social media, then the iPhone 5 caused the most user angst of the major smartphone releases of the past year.

Social media analysts We Are Social gauged the reaction on Twitter, blogs, and forums following the release of the iPhone 5, Samsung Galaxy S4, Nokia Lumia 920, and BlackBerry Z10. What the research firm found, according to the Daily Mail, was that the percentage of comments about the iPhone with a negative connotation (20 percent, the highest ratio among the four phones studied) was nearly twice that of the rate of negative feelings expressed about the Galaxy S4 (11 percent, the lowest rate out of the four).

Before you accuse anyone of being any particular kind of fanboi, it’s worth revisiting the fall of 2012, when the iPhone 5 was launched — and when Apple found itself ensnarled in an Apple Maps PR nightmare, leading CEO Tim Cook to go so far as to issue a public apology for the half-baked product. The phone’s new lightning adapter wasn’t exactly universally welcomed by all users, either.

The Galaxy S4, by contrast, has avoided any such debacles that rise to a level of notoriety worthy of a faux New Yorker cover (although the campy media event for the phone’s release was certainly a valiant attempt.) It’s also worth pointing out that the echo chamber for any flub emanating from Cupertino is quite sizable. When Apple screws something up, word travels fast in these United States — just a consequence of having one of the most recognizable brands in the world.

Also telling is the finding that much of the online conversation about the Galaxy S4 was driven by discussion of the well … galaxy of new features introduced with the GS4. Say what you will about the true utility of eye-tracking, hovering fingers over your touch screen, and auto-pausing videos — the features certainly seemed to keep users distracted from spending much time griping about the relatively cheap feel of the materials used to make Samsung’s flagship phone.

In fact, We Are Social reports that 56 percent of online discussions about the GS4 focused on new or different features, compared with 37 percent for the Lumia 920, 29 percent for the iPhone 5, and 27 percent for the BlackBerry Z10.

But before we go drawing the conclusion that the iPhone is totally over, it’s important to note what’s arguably the most important metric culled from We Are Social’s data: The iPhone 5 received more than 10 times the amount of launch day chatter (1.7 million online conversations) than the Galaxy S4 (140,000) did.

So, this would be an appropriate time for iOS fans to type “score” over and over again in the comments below.

Originally posted at Crave