Printed from http://www.electronista.com

Wireless carriers counter-hack SIM card Java flaw, updating encryption

updated 11:44 pm EDT, Thu August 1, 2013

Carriers update SIM cards with Java flaw, preventing costly recall

By exploiting the same Java-based flaw that caused the problem in the first place, most major wireless carriers have fixed a critical problem with SIM cards crucial to mobile phones that could have revealed personal data from cellphones to malicious parties. The counter-hack saved the wireless industry millions of dollars that it would have cost to replace all the affected SIM cards.

The vulnerability was discovered by cryptographer Karsten Nohl of the German Security Research Labs. Nohl's research found that two targeted SMS texts could allow a hacker to send premium text messages, re-direct and record calls and potentially undertake payment system fraud of near-field communication (NFC)-equipped devices.

According to Nohl, the bug is the result of incorrectly configured and outdated Java card software, combined with weak encryption keys. There is no way of the user determining if a SIM card has the vulnerable version of the software. Nohl's testing discovered that some shipments could be compromised, while others had newer code, protecting them from intrusion. Around a quarter of the cards Nohl and his team tested were vulnerable, translating to around 500 million devices with susceptible SIM cards worldwide.

Regarding the unique fix, Nohl praised the wireless companies. "They're adopting hacking methods to make it more secure," he said at the Black Hat conference. "Abusing the Java vulnerabilities to update the card is the neatest outcome of this."



By Electronista Staff
Post tools:

TAGS :

toggle

Comments

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

Sponsor

Recent Reviews

Dell AD211 Bluetooth speaker

For all of the high-priced, over-engineered Bluetooth speakers in the electronics market, there is still room for mass-market solution ...

VisionTek 128GB USB Pocket SSD

USB flash drives dealt the death blow to both the floppy and Zip drives. While still faster than either of the old removable media, sp ...

Kodak PixPro SL10 Smart Lens Camera

Smartphone imagery still widely varies. Large Megapixel counts don't make for a good image, and the optics in some devices are lacking ...

Sponsor

toggle

Most Commented

 
toggle

Popular News