SIM card flaw said to allow hijacking of millions of phones

[ka9yhd]

"Vulnerability in the security key that protects the card could allow eavesdropping on phone conversations, fraudulent purchases, or impersonation of the handset's owner, a security researcher warns"

http://news.cnet.com/8301-1009_3-57594754-83/sim-card-flaw-said-to-allow-hijacking-of-millions-of-phones/

[mimas]

Interesting parts :

> The vulnerability was found in the Digital Encryption Standard, a cryptographic method developed by IBM in the 1970s that is used on about 3 billion cell phones every day.

> Karsten Nohl, founder of Security Research Labs in Berlin, told The New York Times that he has identified a flaw in SIM encryption technology that could allow an attacker to obtain a SIM card's digital key, the 56-digit sequence that allows modification of the card.

Now, guess who is responsible for the 56 bits encryption in DES (Digital Encryption Standard)?

(pause)

Tada... NSA!!

> A more contentious issue was the key size of DES. Authors like Richard J. Aldritch (GCHQ: The Uncensored Story of Britain’s Most Secret Intelligence Agency) would claim the key size was reduced to 56 bits because the NSA persuaded IBM to – a key size apparently the NSA and nobody else could crack at the time. Remember, the NSA’s design criteria was a cryptosystem suitable for unclassified data, not something that’s resistant to all threats.

https://xerocrypt.wordpress.com/2013/03/17/data-encryption-standard-the-serious-bit/