SIM Card Security Flaw Exposing 750 Million Cell Phones


Outdated encryption is to blame for a new risk on your cellular device. According to a report by SRLabs and research which will be presented at BlackHat on July 31st, the Subscriber Identity Module (SIM) card can be hacked in a few ways, including through SMS messages.

According to SRLabs, SIM cards use 56-bit DES encryption – a technology created in the 70s. Using what are called FPGA clusters, a SIM can be cracked. SRLabs is looking to raise awareness of these issues, then recommend better SIM card technology, an SMS firewall and SMS filtering so that simple hacking techniques cannot access SIM card data.

It is reported that over 750 million SIM cards are vulnerable to this hack. That is 1 in 8 SIM cards, according to Karsten Nohl of SRLabs. An improperly encrypted SMS message – along with use of a custom Java program – can open the SIM to malware. A hacker can do anything from changing your voicemail to accessing your personal information on the SIM card.

In some phones, most information is stored on the phone and not the SIM. In some phones, SIM data can also include bank information, passwords to websites and programs and more. However, as we move to mobile and wearable devices, more SIM cards will be used to connect people to cellular networks.

 

 

 

Stats on 60 Seconds of Mobile Use in October 2011

Did you ever wonder what everyone around you is doing with their constantly-out smartphones?  Well, Mobclix did some research about what cell phone users are clicking and came up with a snapshot of what goes on in a single minute of usage.  Some of the results may surprise you – like 4,111 ads were clicked on.  Some may not – like that Angry Birds is simply in a category of usage all by itself.  You won’t believe how many people are looking for song lyrics or slicing fruit in Fruit Ninja.

All of this data was put together into one cool infographic.  It’s posted below, so have a look and see what you think.  Does it reflect what you expected?  Do you find anything really surprising?  What would an infographic of your usage reflect?

[Infographic: Mobile in 60 seconds]

Source: Mobclix

OnStar Still Collecting Data After You’ve Cancelled Service

Under a recent change in policy, OnStar, which is owned by GM, continues to connect to your vehicle and collect information about it even after you have cancelled your account. This change of policy goes into effect Dec 1. This information includes speed, location, odometer reading and seatbelt usage. Information that could be used by both law enforcement and insurance companies among others to both the aid and detriment of the consumer. OnStar stated they reserve the right to share this information with interested third parties, including law enforcement, although they do not do so at this time. OnStar stated that this allows them to communicate to the car’s occupants about severe weather, emergency evacuation, and recalls. OnStar also insists that this information is clearly stated in the Terms of Service (TOS) and customers should be aware of it. It is unclear, however, whether this is something that OnStar informs the customer of when they cancel their service or something that the customer has to bring up. This is clearly an opt out service and not an opt in service. Let’s assume that consumers read the TOS when they first get the service and are aware they have to deactivate the data connection when they cancel service to stop OnStar from collecting data. Are they really going to remember this when they actually cancel service? I doubt it, and I bet OnStar is betting on this. This change of policy has raised the ire of several Senators including Senator Schumer (NY), Al Franken (MN) and Christopher Coons (DE). They have all called upon OnStar to change its policy; Senator Schumer has also requested the FTC to launch an investigation.

First, I am presently not a user of OnStar; none of the cars I own have it installed. A few rental cars I used in the past have had it installed. So I have never had to cancel the service. However, when I cancel service with a business this means to me, and I think most consumers, that my contract and connection to that business has been totally severed. It doesn’t mean the business can continue to collect information about me and that’s alright because it’s for my safety. Why OnStar thought that consumers would be ok with this is beyond me, or perhaps more likely they thought no one would notice. The second question is why OnStar is collecting this information in the first place, if not to sell it. With over 6 million willing customers from which they can collect information, do they really need to collect information from ex-customers? Finally, what prompted the change in policy, and did anyone at OnStar say wait, this might be a bad idea?

GNC #688 Borders Dead Pool

You win some, you lose some. But I will be honest, an extra set of hands would be great. First five minutes of the show are comical, as you will see. An absolute metric ton of tech tonight. Be advised the primary Video feed is going HD and the Mobile Video feed will be much more manageable.

Note to Subscribers: Rough show tonight dealing with family issues in Japan that are not good, Shoko is fine but they are having a rough go of it! Thanks for being part of the family. My head was not a 100% engaged tonight as will be evident.


Show Links:
Visualize the Debt.
Tools to Survive Financial Meltdown ;)
John Glenn at 90.
Last Group Picture at ISS.
Tips on Int Mobile Bill.
Borders Deadpool.
Newspapers want Cake too.
G.Co
My Data Usage Pro.
Paint your roof White?
Verizon LTE Roll-Out Thursday.
Twitter Boring!
P2P Censor.
ISP Refuse Blocking of PB.
Judge Threatened.
ZIP/RAR Support in Google Docs.
Are you a Thief.
Google+ Malware.
Slack versus Spot.
Feds take your Drivers License.
Sprint 3 Million Ad Campaign Giveaway with NASCAR.
ChromeBook for 7 Days.
Password Trends you don’t want to set.
Atlas 5 Human Lift.
20 Million Pound Tool.
IPV6 Update.
Wanna make a quick 250k?
Anonymous kicked out of Google+
Lion on Wednesday?
CNN Live on iPad.
The Verge?
Car Apps Coming.


Smartphones As The New Facebook

Facebook hit critical mass and managed to move into the mainstream and is now sucking in mass numbers of new users. Much of the value of many goods and services revolves around mass adoption – it becomes beneficial for people to use Facebook simply because so many friends and family are already on it.

We keep hearing statistics about smartphone adoption rates. No doubt about it, smartphones are increasingly popular devices and are quickly moving into the mainstream.

How does this translate into the real world?

I came across a guy a few days ago that had recently gotten an iPhone 4.0 specifically so he could do Facetime chats with his brother. This guy was in his 50’s and had never owned a computer or dealt with the Internet in any way. I was surprised at how well he had learned to run his phone. He was clearly thrilled with the smartphone and what it was capable of. Even though this fellow had somehow managed to resist getting a computer and the Internet, the smartphone managed to pull him in. Furthermore, this guy was using a lot of data above and beyond WiFi and Facetime. Even as a novice user, he had already purchased a few iPhone apps. Additionally, he expressed a lot of interest when I was describing Audible.com audio books.

There’s a segment of the population I run into personally that doesn’t like the idea of or see the need for or perceive any benefit from paying for mobile data connections. These are the people that are hanging onto more basic phone models. I suspect that these same people likely resisted the idea of getting a cell phone in the first place – in other words, they are late adopters when it comes to cell phone technologies and services.

We are now entering the phase of smartphone adoption where mass numbers of people will get smartphones simply because everyone else has them. I believe smartphones are poised to outstrip even a service like Facebook with the total number of smartphone users.

These new smartphone users are likely to use mass amounts of data. Cell phone companies wanted people to have data plans because of the extra revenue from larger data-enabled bills – now they’d better be prepared to deliver on the promise.

Better Apps and Better Data Needed

When it comes to certain types of software or social networking sites, I have tended to hold back and let others be the first to jump on the bandwagon. For example, Twitter was around a year or two before I decided to sign up and see what all the fuss was about. I did the same thing with Facebook. After all, it seems in the initial stages there are dozens and dozens of similar types of sites that are trying to compete for the big prize, and I refuse to sign up for any or all of them until it becomes clear that they are doing something to set themselves apart to garner real interest. In the past I’ve signed up for plenty of sites and it seems like I’m the only one present. The formula is easy – the more people that sign up and actually use a site, the more useful it becomes.

In the smart phone realm I’ve been hearing people talk a lot about Foursquare. I kept hearing it mentioned, but really had little clue what functionality it offered. I kept hearing about Starbucks discounts and Mayors in conjunction with Foursquare and wondered what on earth that was about and what that had to do with a smart phone app.

Since I’m the proud owner of the Sprint Evo 4G smart phone, I’ve been checking out all sorts of interesting Android apps. The Foursquare name kept periodically coming up, so I decided I would check it out.

Once I loaded Foursquare on my Evo and opened the app up for the first time I was presented with a Foursquare login screen and realized I had to go to their site in a browser to create an account, which I did. As part of the Foursquare account generation process, they present you with options of connecting your new account to Facebook and Twitter – very smart on their part, because it helps to connect with friends that are already Foursquare members.

After I logged in on my phone, it was cool to be able to see where those friends had been when they “checked in” from various restaurants and businesses around the country and the world. That’s cool. However, the “Location” tab makes the app EXTREMELY useful for me. I’m an over-the-road truck driver, constantly driving up and down freeways across the country. I happened to be at Gas City, Indiana when I installed Foursquare, so I was a bit surprised to see listed all the restaurants and convenience stores at the exit I was at along I-69, and the distance in meters they were away from where my truck was parked. It uses the phone’s built-in GPS chip so that it knows exactly where it’s at and what businesses are around – within “four square miles” perhaps?

All of these GPS-enabled smart phone apps are great, but they don’t solve all of my problems. I’m constantly looking for truck washes (refrigerated trailers constantly need washed out before reloading) as well as truck stops and truck parking. Even Google’s database has been gamed – try typing “truck stop” or “truck wash” along with the city name of your choice into Google and see if the search results aren’t misleading. “Truck wash” and a city name will often result in car wash business listings, useless for my purposes.

The bottom line is there’s still plenty of room for future smart phone app development. More specialized apps and better databases are two elements that can result in more useful apps.

GNC-2007-11-30 #321

I catch you up on the latest info here at the new house, talk about podcasting and cover a pile of tech news.


Listener Links:
Venus History
Water Solutions 1
Grey Watergator
Wet Wheelie
Java Promoting Open Office
Listener Opinion on Java and Open Office
Red Monday an Original Podcast Series

Show Notes:
Father of Podcasting Dave Winer’s take on Podcasting
Spammers Giving Up?
Use iPhone on Laptop
Be a Google Search Expert
EFF Finds Comcast Packet Shaping Traffic
MSNBC on EFF Comcast Findings
FBI Bot Roast II
Mobile Phone 3.3 Billion?
3G iPhone
Cyberbullying
Comcast Bandwidth in 2008
Warner Music Losing Money
EMI to Slash RIAA Donation
Verizon going GSM
DSL Speed Growing Outside US
Digg Google Search
Cool Video Implementation
White Label RSS Aggregator
Netflix and NBC
Microsoft changes the iPod
P2P Traffic Increasing
Pay Per Post Bloggers Crying
ISS May Have Air Leak
Mars Rover Spotted
Hackers Hijack Search Results
NASA Outlines Mars Mission
Sprint Need No Money!
DontCensorMe.com

Gems I Found
Your Tax Dollars at Work
Extreme Data Recovery
Data Center Building

Internet Explorer Unsafe 98 Percent of the Time

ScanIT, an Internet security consultancy, reports Microsoft’s Internet Explorer was unsafe 98 percent of the time, during 2004. The data were collected from 195,000 internet users who used ScanIT’s online security checker. The reported 98 percent unsafe rating is based on security holes being found in fully-patched installations of Internet Explorer on every day of the year 2004, except the week between October 12 and 19.


Lost Hard Drive Contains 23,000 Social Security Numbers

Students, faculty, and staff at seven campuses of the California State University (CSU) system are at risk for identity theft after a hardware technician improperly disposed of a computer hard drive with unencrypted database tables that included Social Security numbers and other personal details. The CSU is required, under California law, to notify all affected parties.

The law, which went into effect last year, requires notification whenever personal data, such as Social Security numbers, driver’s license numbers or credit card numbers (with identification numbers) have been accessed without authority.

The university system’s hard drive has been missing since Friday, June 25th. The technician left the drive lying on a worktable after upgrading the computer from which it came. In a rush to start the weekend, the drive wasn’t properly secured, and come Monday, there was no sign of it. The drive was most likely picked up by the evening cleaning crew; however, the results of a police investigation were inconclusive.

Dave’s Opinion
Hard disks, like portable media, must be completely destroyed before being discarded. Using a security data deletion (wiping) program, such as the one that comes with the PGP data security program, would have prevented the data from being recovered, even if the drive were reused.
