Outdated encryption is to blame for a new risk on your cellular device. According to a report by SRLabs and research which will be presented at BlackHat on July 31st, the Subscriber Identity Module (SIM) card can be hacked in a few ways, including through SMS messages.
According to SRLabs, SIM cards use 56-bit DES encryption, a technology created in the 70s. Using what are called FPGA clusters, a SIM can be cracked. SRLabs is looking to raise awareness of these issues, then recommend better SIM card technology, an SMS firewall and SMS filtering so that simple hacking techniques cannot access SIM card data.
It is reported that over 750 million SIM cards are vulnerable to this hack. That is 1 in 8 SIM cards, according to Karsten Nohl of SRLabs. An improperly encrypted SMS message, along with use of a custom Java program, can open the SIM to malware. A hacker can do anything from changing your voicemail to accessing your personal information on the SIM card.
In some phones, most information is stored on the phone and not the SIM. In some phones, SIM data can also include bank information, passwords to websites and programs, and more. However, as we move to mobile and wearable devices, more SIM cards will be used to connect people to cellular networks.
In recent weeks it has become very evident that Anonymous is a group that anyone running publicly accessible servers should avoid pissing off. While Anonymous publicly embarrasses those companies and sites they go after, the Chinese on the other hand are much more sinister.
As reported this morning on Bloomberg, the business of industrial espionage is alive and well. It has been revealed that a significant number of oil industry servers containing highly sensitive data at Exxon Mobil Corp., Royal Dutch Shell Plc and BP Plc have essentially been owned by the Chinese government for some time.
What could the Chinese possibly want from those companies' servers? Potentially trillions of dollars in new oil well finds that the Chinese can just put a rig over and pump out for their country's own consumption. The aforementioned companies are not being very forthcoming, but hackers had access to their networks for over a year.
Multinational companies like these need to get their collective heads out of their asses and get their networks secure. The same goes for US Government infrastructure: power, water, sewage, etc.
Maybe I am just a paranoid retired Navy guy, but if you think the Chinese government is our friend, you have to be smoking crack. While I am sure the majority of Chinese people are lovely people, the goals of their government are such that companies large and small better start improving their security yesterday.