Originally published August 5 2013
Massive security breaches in mobile phone technology are imminent
by J. D. Heyes
(NaturalNews) As I've said often enough, technology has become a double-edged sword, improving our daily lives and making us healthier and safer while at the same time being utilized by our unscrupulous government to shred our privacy and destroy the Fourth Amendment.
Problem is, those kinds of privacy breaches are only going to become more frequent.
In fact, according to a United Nations group that advises countries on cybersecurity issues and as reported by Reuters, there exist "significant vulnerabilities in mobile phone technology that could potentially enable hackers to remotely attack at least half a billion phones."
SIM compromise is a big deal
Discovered by a German company, the bug apparently lets hackers gain remote access control of certain SIM cards, and also allows them to be cloned. More from Reuters:
Hackers could use compromised SIMs to commit financial crimes or engage in electronic espionage, according to Berlin's Security Research Labs, which will describe the vulnerabilities at the Black Hat hacking conference that opens in Las Vegas on July 31.
The International Telecommunications Union, which is based in Geneva, reviewed the research and said it is "hugely significant."
"These findings show us where we could be heading in terms of cybersecurity risks," ITU Secretary General Hamadoun Toure told Reuters.
Toure said his agency planned to notify telecom regulators and other government agencies in some 200 counties about the possible threat. He also said he would pass the information along to scores more mobile phone companies, industry experts and academics.
"We have been able to consider the implications and provide guidance to those network operators and SIM vendors that may be impacted," said GSMA spokeswoman Claire Cranton. She said her group, which represents about 800 mobile providers around the world, also reviewed the research.
Nicole Smith, with Gemalto NV, the world's biggest SIM card manufacturer, told Reuters her firm supported GSMA's response to the research.
"Our policy is to refrain from commenting on details relating to our customers' operations," the spokeswoman said.
Being able to crack SIM card code is nirvana for hackers; in those tiny phone devices is where operators ID and authenticate subscribers to networks.
The chief scientist who led the research, Karsten Kohl, had planned to reveal it at Black Hat. He added that the hacking will only work on SIMs that utilize an older encryption technology, DES - but, he also said at least 500 million phones are vulnerable to such attacks, a figure he called conservative. In all, there are about 6 billion mobile phones in use around the world.
As it turned out, he didn't have to.
Finding a fix - for now
Since the discovery of the bug, major wireless carriers have moved to fix it. According to CNN:
Nohl was scheduled to demonstrate his SIM card hack Wednesday at Black Hat, a computer-security conference in Las Vegas. Instead, he announced that five wireless carriers had rushed to push out updates that patched the problem. Because of the fix, he was only able to demonstrate parts of the hack. Nohl declined to name the carriers involved.
As it turns out, the fix proved better - both in technical and economic terms. Replacing hundreds of millions of SIM cards compromised by the bug would have been an enormously expensive undertaking for mobile companies. So they came up with a better solution: "They took advantage of the same Java vulnerability Nohl found and used it to hack into their own cards and rewrite parts of their operating systems," CNN said.
It was a quick step that Nohl praised.
"They're adopting hacking methods to make it more secure," he said at a press conference ahead of Black Hat. "Abusing the Java vulnerabilities to update the card is the neatest outcome of this."
And while this catastrophe was averted, you can rest assured that hackers are out there, right now, still trying to find a way into your SIM card. Eventually, they will again.
All content posted on this site is commentary or opinion and is protected under Free Speech. Truth Publishing LLC takes sole responsibility for all content. Truth Publishing sells no hard products and earns no money from the recommendation of products. NaturalNews.com is presented for educational and commentary purposes only and should not be construed as professional advice from any licensed practitioner. Truth Publishing assumes no responsibility for the use or misuse of this material. For the full terms of usage of this material, visit www.NaturalNews.com/terms.shtml