Printed from http://www.electronista.com

Wireless carriers counter-hack SIM card Java flaw, updating encryption

updated 11:44 pm EDT, Thu August 1, 2013

Carriers update SIM cards with Java flaw, preventing costly recall

By exploiting the same Java-based flaw that caused the problem in the first place, most major wireless carriers have fixed a critical problem with SIM cards crucial to mobile phones that could have revealed personal data from cellphones to malicious parties. The counter-hack saved the wireless industry millions of dollars that it would have cost to replace all the affected SIM cards.

The vulnerability was discovered by cryptographer Karsten Nohl of the German Security Research Labs. Nohl's research found that two targeted SMS texts could allow a hacker to send premium text messages, re-direct and record calls and potentially undertake payment system fraud of near-field communication (NFC)-equipped devices.

According to Nohl, the bug is the result of incorrectly configured and outdated Java card software, combined with weak encryption keys. There is no way of the user determining if a SIM card has the vulnerable version of the software. Nohl's testing discovered that some shipments could be compromised, while others had newer code, protecting them from intrusion. Around a quarter of the cards Nohl and his team tested were vulnerable, translating to around 500 million devices with susceptible SIM cards worldwide.

Regarding the unique fix, Nohl praised the wireless companies. "They're adopting hacking methods to make it more secure," he said at the Black Hat conference. "Abusing the Java vulnerabilities to update the card is the neatest outcome of this."



By Electronista Staff
Post tools:

TAGS :

toggle

Comments

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

Sponsor

Recent Reviews

Samsung Galaxy S 5

The Samsung Galaxy S5 might be the phone that Android users have been craving for some time. Information coming out of Mobile World Co ...

STM Trust technology bag

The search for a good messenger bag that doubles as a laptop bag is something many travelers find themselves facing at least once. Bet ...

PenClic Bluetooth mouse

Windows 8 aside, computer users have been trained that a mouse is the proper way to navigate through the desktop for many years now. T ...

Sponsor

toggle

Most Commented

 
toggle

Popular News