Mike Ralston, CEO of Blencowe Resources, explains the significance of the MSP for Orom-Cross. Watch the interview here.

Less Ads, More Data, More Tools Register for FREE
Sponsored Content
Sponsored Content

UN warns on mobile cybersecurity bugs in bid to prevent attacks

Sun, 21st Jul 2013 12:32

* UN's ITU to issue advisory to nearly 200 nations

* Advisory is on risk identified by German researchers

* Researchers develop remote attack on mobile SIM cards

* Researchers say at least 500 million phones vulnerable

By Jim Finkle

BOSTON, July 21 (Reuters) - A United Nations group thatadvises nations on cybersecurity plans to send out an alertabout significant vulnerabilities in mobile phone technologythat could potentially enable hackers to remotely attack atleast half a billion phones.

The bug, discovered by German firm, allows hackers toremotely gain control of and also clone certain mobile SIMcards.

Hackers could use compromised SIMs to commit financialcrimes or engage in electronic espionage, according to Berlin'sSecurity Research Labs, which will describe the vulnerabilitiesat the Black Hat hacking conference that opens in Las Vegas onJuly 31.

The U.N.'s Geneva-based International TelecommunicationsUnion, which has reviewed the research, described it as "hugelysignificant."

"These findings show us where we could be heading in termsof cybersecurity risks," ITU Secretary General Hamadoun Tourétold Reuters.

He said the agency would notify telecommunicationsregulators and other government agencies in nearly 200 countriesabout the potential threat and also reach out to hundreds ofmobile companies, academics and other industry experts.

A spokeswoman for the GSMA, which represents nearly 800mobile operators worldwide, said it also reviewed the research.

"We have been able to consider the implications and provideguidance to those network operators and SIM vendors that may beimpacted," said GSMA spokeswoman Claire Cranton.

Nicole Smith, a spokeswoman for Gemalto NV, theworld's biggest maker of SIM cards, said her company supportedGSMA's response.

"Our policy is to refrain from commenting on detailsrelating to our customers' operations," she said.

BECOMING THE SIM

Cracking SIM cards has long been the Holy Grail of hackersbecause the tiny devices are located in phones and allowoperators to identify and authenticate subscribers as they usenetworks.

Karsten Nohl, the chief scientist who led the research teamand will reveal the details at Black Hat, said the hacking onlyworks on SIMs that use an old encryption technology known asDES. The technology is still used on at least one out of eightSIMs, or a minimum of 500 million phones, according to Nohl.

The ITU estimates some 6 billion mobile phones are in useworldwide. It plans to work with the industry to identify how toprotect vulnerable devices from attack, Touré said.

Once a hacker copies a SIM, it can be used to make calls andsend text messages impersonating the owner of the phone, saidNohl, who has a doctorate in computer engineering from theUniversity of Virginia.

"We become the SIM card. We can do anything the normal phoneusers can do," Nohl said in a phone interview. "If you have aMasterCard number or PayPal data on the phone, we get that too."

IPHONE, ANDROID, BLACKBERRY

The mobile industry has spent several decades definingcommon identification and security standards for SIMs to protectdata for mobile payment systems and credit card numbers. SIMsare also capable of running apps.

Nohl said Security Research Labs found mobile operators inmany countries whose phones were vulnerable, but declined toidentify them. He said mobile phone users in Africa could beamong the most vulnerable because banking is widely done viamobile payment systems with credentials stored on SIMs.

All types of phones are vulnerable, including iPhones fromApple Inc, phones that run Google Inc's Android software and BlackBerry Ltd smartphones, hesaid.

BlackBerry's director of security response and threatanalysis, Adrian Stone, said in a statement that his companyproposed new SIM card standards last year to protect against thetypes of attacks described by Nohl, which the GSMA has adoptedand advised members to implement.

Apple and Google declined comment.

CTIA, a U.S. mobile industry trade group based inWashington, D.C., said the new research likely posed noimmediate threat.

"We understand the vulnerability and are working on it,"said CTIA Vice President John Marinho. "This is not what hackersare focused on. This does not seem to be something they areexploiting."

Related Shares

More News
Today 09:51

TOP NEWS: Vodafone, Google strengthen strategic collab with AI focus

(Alliance News) - Vodafone Group PLC on Tuesday said it will deepen its strategic partnership with Alphabet Inc's Google, with a focus on generative a...

Today 07:47

Vodafone, Google in 10-year AI tie-up

(Sharecast News) - UK telecoms giant Vodafone and Google on Tuesday said they had extended their partnership in a 10-year deal they claimed would be w...

2 Oct 2024 13:35

EXECUTIVE CHANGES: Dar Global chair exits; new CFOs at Kistos, Hansard

(Alliance News) - The following is a round-up of London-listed company director and manager changes announced recently and not separately reported by ...

1 Oct 2024 14:44

Abu Dhabi's ADNOC to buy German chemicals firm Covestro for $16 bln

ADNOC to pay 62 euros per Covestro share, take on 3 bln in debt *

30 Sep 2024 13:44

Vodafone and Three tell CMA 'outstanding issues' over proposed merger 'can be resolved'

(Sharecast News) - Telecommunications firms Vodafone and Three have pushed back at the Competition and Markets Authority after the watchdog raised con...

Make Better Investment Decisions

Register for FREE

Login to your account

Don't have an account? Click here to register.

Quickpicks are a member only feature

Login to your account

Don't have an account? Click here to register.