Printed from http://www.electronista.com

Wireless carriers counter-hack SIM card Java flaw, updating encryption

updated 11:44 pm EDT, Thu August 1, 2013

Carriers update SIM cards with Java flaw, preventing costly recall

By exploiting the same Java-based flaw that caused the problem in the first place, most major wireless carriers have fixed a critical problem with SIM cards crucial to mobile phones that could have revealed personal data from cellphones to malicious parties. The counter-hack saved the wireless industry millions of dollars that it would have cost to replace all the affected SIM cards.

The vulnerability was discovered by cryptographer Karsten Nohl of the German Security Research Labs. Nohl's research found that two targeted SMS texts could allow a hacker to send premium text messages, re-direct and record calls and potentially undertake payment system fraud of near-field communication (NFC)-equipped devices.

According to Nohl, the bug is the result of incorrectly configured and outdated Java card software, combined with weak encryption keys. There is no way of the user determining if a SIM card has the vulnerable version of the software. Nohl's testing discovered that some shipments could be compromised, while others had newer code, protecting them from intrusion. Around a quarter of the cards Nohl and his team tested were vulnerable, translating to around 500 million devices with susceptible SIM cards worldwide.

Regarding the unique fix, Nohl praised the wireless companies. "They're adopting hacking methods to make it more secure," he said at the Black Hat conference. "Abusing the Java vulnerabilities to update the card is the neatest outcome of this."



By Electronista Staff
Post tools:

TAGS :

toggle

Comments

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

Sponsor

Recent Reviews

Cat B100

Cat is primarily known for its heavy-duty machinery used in the construction industry and farming, among other areas. What may not be ...

Linksys EA6900 AC Router

As 802.11ac networking begins to makes its way into more and more devices, you may find yourself considering an upgrade for your home ...

D-Link DIR-510L 802.11AC travel router

Having Internet access in hotels and other similar locations used to be a miasma of connectivity issues. If Wi-Fi was available, it wa ...

Sponsor

toggle

Most Commented

 
toggle

Popular News