LinuxVillage

LinuxVillage welcome => Technical discussions => Topic started by: ka9yhd on July 21, 2013, 21:31:43

Title: SIM card flaw said to allow hijacking of millions of phones
Posted by: ka9yhd on July 21, 2013, 21:31:43
"Vulnerability in the security key that protects the card could allow eavesdropping on phone conversations, fraudulent purchases, or impersonation of the handset's owner, a security researcher warns"

http://news.cnet.com/8301-1009_3-57594754-83/sim-card-flaw-said-to-allow-hijacking-of-millions-of-phones/
Title: Re: SIM card flaw said to allow hijacking of millions of phones
Posted by: mimas on July 22, 2013, 11:53:15
Interesting parts:

> The vulnerability was found in the Digital Encryption Standard, a cryptographic method developed by IBM in the 1970s that is used on about 3 billion cell phones every day.

> Karsten Nohl, founder of Security Research Labs in Berlin, told The New York Times that he has identified a flaw in SIM encryption technology that could allow an attacker to obtain a SIM card's digital key, the 56-digit sequence that allows modification of the card.

Now, guess who is responsible for the 56-bit encryption in DES (Digital Encryption Standard (https://en.wikipedia.org/wiki/Data_Encryption_Standard))?

(pause)

Tada... NSA!!

> A more contentious issue was the key size of DES. Authors like Richard J. Aldritch (GCHQ: The Uncensored Story of Britain’s Most Secret Intelligence Agency) would claim the key size was reduced to 56 bits because the NSA persuaded IBM to – a key size apparently the NSA and nobody else could crack at the time. Remember, the NSA’s design criteria was a cryptosystem suitable for unclassified data, not something that’s resistant to all threats.

https://xerocrypt.wordpress.com/2013/03/17/data-encryption-standard-the-serious-bit/