The U.N and cell phone vulnerability

The U.N and cell phone vulnerability

This post is also available in: heעברית (Hebrew)

10480887_sThe United Nations  is warning telecommunications regulators and  government agencies  about significant vulnerabilities in cell phone technology which would allow hackers to attack at least half a billion mobile phones worldwide.
Yahoo! reports that the bug will allow hackers to access compromised Subscriber Identity Modules (SIMs) to commit financial crimes and electronic Espionage. iPhones, Androids and Blackberrys are vulnerable.
The UN’s International Telecommunications Union (ITU) has called the situation “hugely significant, “and said the warning will also go to mobile companies, academics and industry experts.
“These findings show us where we could be heading in terms of cybersecurity risks,” ITU Secretary General Hamadoun Touré said.
The GSMA, which represents mobile operators around the world, also looked into the potential threat.
“We have been able to consider the implications and provide guidance to those network operators and SIM vendors that may be impacted,” GSMA spokeswoman Claire Cranton said.
Berlin’s Security Research Labs will give a presentation on the vulnerabilities at the Black Hat hacking conference in Las Vegas on July 31st.

www.i-hls.com

According to HLS news wire in the past it has been difficult for hackers to crack SIM cards because they are located inside phones and allow operators to identify and authenticate subscribers and their networks.
Once a SIM is copied, the hacker can make calls and send text messages under the owner’s information.
Attacks, however, can only grant access to the data stored on the SIM card, which means financial information stored outside the card is safe from this hacking method.
Karsten Nohl, the leader of the research team which will conduct the presentation at Black Hat, said that data stored outside of a SIM card is vulnerable to a wide range to attacks already known, which is why the industry started putting information on SIM cards to begin with.
According to Nohl, the hacking only works on SIM cards that use an old encryption code known as DES. At least 500 million mobile phones are currently vulnerable to the attacks.
Apple and Google have not commented on the situation, but Adrian Stone, Blackberry’s director of security response and threat analysis, said that Blackberry proposed new SIM card standards last year to protect against this types of attacks. The GSMA has adopted the standard and advised other members to implement it.