A quarter of mobiles phones using DES encryption rather than the newer triple-DES for their SIM cards are vulnerable to an attack via SMS that results in a complete takeover of the phone.
German security researcher Karsten Nohl, founder of Berlin's Security Research Labs, who previously busted GPRS encryption and cracked transport smartcard encryption keys with a microscope, has told the New York Times and Forbes about the attack, which he will outline to the August Black Hat conference in Las Vegas.
While Nohl is holding back some details of the attack until his Black Hat talk, he says he has developed a technique that allows him to obtain the 56-bit DES encryption key of a SIM by sending a text message that spoofs the phone's operator. With the key in hand, a second text message will install software on the target device that takes over the phone completely – including eavesdropping and impersonation attacks.
“We can spy on you. We know your encryption keys for calls. We can read your SMSs. More than just spying, we can steal data from the SIM card, your mobile identity, and charge to your account”, Nohl told the NYT.
Forbes' report suggests Java Card, an Oracle product Big Red says "provides a secure environment for applications that run on smart cards and other devices with very limited memory and processing capabilities", is the source of the vulnerability.
Of the six billion mobiles currently in service, about half still use DES encryption. In a sample of 1,000 SIMs tested over two years, Nohl said one-quarter were vulnerable – which suggests as many as 750 million vulnerable devices are in the field.
Nohl has disclosed the vulnerability in full to the GSM Association, and the ITU is planning an advisory to all mobile phone operators.
Sunday, July 21, 2013
Saturday, July 6, 2013
Windows 7 Tablets anyone? Dell Latitude ST Tablet Comes to India
Windows 7 Tablets anyone? Dell Latitude ST Tablet Comes to India
OnlyGizmos For once, this is not your usual consumer centric tablet. But then, since anything that passes off as a tablet evicts tremendous consumer interest, here is what the Dell Latitude ST is all about. ... |
VMware Retracts OS X Client Virtualisation Following Goof Up
ITProPortal |
VMware Retracts OS X Client Virtualisation Following Goof Up
ITProPortal And, now Fusion 4.1 is giving users a "confirmation screen" to remind "verify that the operating system is licensed to run in a virtual machine." reported ARS Technica. The blog post says that this confirmation screen is supposedly the new feature in ... VMWare releases Fusion 4.1.1 update VMware Fusion 4.1 released |
Monday, July 1, 2013
Lenovo 5-inch Android tablet leaks - CNET UK
CNET UK |
Lenovo 5-inch Android tablet leaks
CNET UK Now Lenovo is backing the small size, if this picture of a 5-inch Android tablet is genuine. An anonymous tipster sent the images to Engadget. And while there aren't that many specs, what we do know looks pretty good. The device is dual-core, ... Lenovo 5inch IdeaPad Android Tablet Leaks Lenovo Offers First Android Tablet with Multi-Carrier Mobile Broadband ... Lenovo 'working' on 5-inch Android tablet |