A new research by Karsten Nohl will soon be present at the Black Hat security conference, explaining the vulnerability of SIM cards.
Smartphones users have to be very careful about their SIM card and its data. It is because the data can be stolen easily and it has less to do with your carrier or brand of smartphone that you use, as the problem lies in the SIM card itself.
A new research will soon be present at the Black Hat security conference, explaining the vulnerability of SIM cards. The man behind the research is Karsten Nohl, an expert cryptographer with Security Research Labs, who claims to have found a way, by using which he can gain access to the data and information on your smartphone. Using his methods, Nohl can access your devices’ location, SMS functions and also allow him to make changes to a person’s voicemail number.
According to Nohl, the reason why these SIM cards are so insecure is because they still rely on cryptographic methods designed in the 1970s, which are completely outdated and easy to break. In his research, he found out that a majority of SIM cards use a weak encryption standard called DES (Data Encryption Standard) that comes from the 1970s era, and hence it’s not really a standard anymore.
Security Research Labs has also given a demo, showing how their research has worked. A binary code was sent over an SMS to a device using a SIM with DES encryption. The binary code did not have the correct cryptographic sign; hence the code failed to run on the device. But the problem arises when the SIM tries to reject the code, it sends backs an error code over SMS attaching its own encrypted 56-bit private key.
This encrypted private key can be easily decrypted using the right set of tools and tables. In fact, the team at Security Research Labs was able to decrypt this key in just two minutes using a normal computer and a rainbow table.
With the demonstration, it has almost been proven that an uncountable number of SIM card users are in potential danger as their privacy could get violated any time, and they won’t even have a clue.