A UN group that advises nations on cybersecurity plans to send out an alert about significant vulnerabilities in mobile phone technology that could potentially enable hackers to remotely attack at least half a billion cellphones.
The bug, discovered by German firm, allows hackers to remotely gain control of and also clone certain mobile SIM cards.
Hackers could use compromised SIMs to commit financial crimes or engage in electronic espionage, according to Berlin’s Security Research Labs, which will describe the vulnerabilities at the Black Hat hacking conference that opens in Las Vegas on July 31.
The UN’s Geneva-based International Telecommunications Union (ITU), which has reviewed the research, described it as “hugely significant.”
“These findings show us where we could be heading in terms of cybersecurity risks,” ITU Secretary-General Hamadoun Toure said.
He said the agency would notify telecommunications regulators and other government agencies in nearly 200 countries about the potential threat and also reach out to hundreds of mobile companies, academics and other industry experts.
A spokeswoman for the GSM Association (GSMA), which represents nearly 800 mobile operators worldwide, said it also reviewed the research.
“We have been able to consider the implications and provide guidance to those network operators and SIM vendors that may be impacted,” GSMA spokeswoman Claire Cranton said.
Nicole Smith, a spokeswoman for Gemalto NV, the world’s biggest maker of SIM cards, said her firm supported GSMA’s response.
“Our policy is to refrain from commenting on details relating to our customers’ operations,” she said.
Cracking SIM cards has long been the Holy Grail of hackers because the tiny devices located in cellphones allow operators to identify and authenticate subscribers as they use networks.
Karsten Nohl, the chief scientist who led the research team and will reveal the details at Black Hat, said the hacking only works on SIMs that use an old encryption technology known as Data Encryption Standard.
Nohl said he conservatively estimates that at least 500 million phones are vulnerable to the attacks he will discuss at Black Hat. He added that the number could grow if other researchers start looking into the issue and find other ways to exploit the same class of vulnerabilities.
The ITU estimates that about 6 billion mobile phones are in use worldwide. It plans to work with the industry to identify how to protect vulnerable devices from attack, Toure said.
Once a hacker copies a SIM, it can be used to make calls and send text messages impersonating the owner of the cellphone, said Nohl, who has a doctorate in computer engineering from the University of Virginia.
“We become the SIM card. We can do anything the normal phone users can do,” Nohl said in a telephone interview.
“If you have a MasterCard number or PayPal data on the phone, we get that too,” if it is stored on the SIM, he added.
The newly identified attack method only grants access to data stored on the SIM, which means payment applications that store their secrets outside of the SIM card are not vulnerable to this particular hacking approach.
‘NO SECURITY RISK’: The Railway Bureau reassured the public that the technicians’ activities were limited to technical guidance and did not involve sensitive systems The Railway Bureau yesterday said it had invited eight Chinese technicians to assist with an airport MRT construction project. The bureau issued the confirmation after an Internet user said Chinese nationals had entered the construction zone of Taiwan Taoyuan International Airport’s Terminal 3 project. They asked why “individuals from an enemy state” were allowed access to such a major national infrastructure project, which raised serious concerns over Taiwan’s industrial safety, sensitive systems and information security. The bureau’s Northern Region Engineering Branch Office said subcontractor Taiwan Handle Industrial Co (台灣手把工業) of the Taoyuan airport MRT’s “Contract No. CU05 Project A14 Station Civil, MEP &
A US uncrewed surface vessel (USV) encountered multiple Chinese warships during an autonomous transit of the Taiwan Strait, US defense company Seasats said in a statement on Wednesday. Seasats announced that a Lightfish USV had completed the first autonomous transit of the Taiwan Strait. Over five days, the USV traversed the entire length of the Strait while constantly monitoring surface vessel traffic, the company said. The Lightfish encountered multiple Chinese warships, one of which was a Chinese People’s Liberation Army Navy (PLAN) Type 056 corvette, it said. The Chinese vessels were operating “well within Taiwan’s exclusive economic zone without transmitting their identity via the
‘BOOMING’: ’ The number of partners we have here is incredible. You can see from their stock prices. They’re doing so well, they’re so happy,’ Jensen Huang said Nvidia Corp’s spending in Taiwan has ballooned to about US$150 billion a year, 10 times the US$10 billion to US$15 billion the company spent five years ago, Nvidia chief executive officer Jensen Huang (黃仁勳) said yesterday, suggesting Taiwan’s strategic importance in the global artificial intelligence (AI) supply chain. “Taiwan is the epicenter of the AI revolution. This is where the chips come, packaging comes. This is where the systems are made. This is where AI supercomputers were created,” Huang said at a meeting for the company’s employees in Beitou-Shilin Technology Park (北投士林科技園區) in Taipei, the planned site of Nvidia’s Taipei headquarters. “Taiwan
GREATER REACH? Auto parts and wood products would face tariffs of up to 15%, matching those targeting the EU, Japan and South Korea, Vice Premier said The US has announced that preferential tariff treatment for Taiwan’s non-semiconductor Section 232 goods would take effect retroactively from May 1, the Executive Yuan said yesterday. The US government yesterday posted a notice on the Federal Register’s public inspection Web site previewing tariff concessions for Taiwan under a memorandum of understanding (MOU) on Taiwan-US investment after two months of negotiations. The MOU signed on Jan. 15 stipulated three major preferential tariff arrangements: a 15 percent “reciprocal” tariff rate for Taiwan without stacking most-favored nation (MFN) rates; preferential Section 232 treatment for semiconductors and related products; and preferential Section 232 treatment for non-semiconductor
RSS