At this year's Black Hat USA security conference cryptographer and security researcher Karsten Nohl will be presenting his findings on SIM card insecurities. While Nohl's research revealed that about one-quarter of the tested SIM cards were vulnerable to an attack that exploits an outdated encryption standard, it's unclear at this point exactly who should be worried.
Nohl isn't revealing the full details until his talk on August 3rd, but when asked specifically about iPhones, he told iMore:
No devices can be ruled out.
Of course, that doesn't provide a lot of clarity as to who should worry. Since the exploit is dependent on the SIM cards in use, not the device, the vulnerabilities that Nohl identified depend on carrier and which SIM cards they provide, not necessarily the devices they're put in.
The good news is that Nohl has already shared his findings with the GSM Association, who then passed the findings on to cellular network operators and SIM card manufacturers who could be vulnerable. The exploit relies on an old encryption algorithm, DES, still used on some SIM cards. Carriers who haven't done so already will need to update to Triple DES or AES, newer, more secure standards that is not susceptible to the same attack.
For now, people should try not to worry, as there are no signs that this vulnerability is being exploited in the wild. Once Nohl gives his presentation we should know more about which users might be affected and hopefully carriers are already in the process of updating any outdated SIMs they might have.
Source: http://feedproxy.google.com/~r/TheIphoneBlog/~3/8Hz0kFb-Yfc/story01.htm
No comments:
Post a Comment