News / Science & Technology

UN Warns on Mobile Cybersecurity Bugs to Prevent Attacks

A woman holds up a SIM card, which she won in a June lottery, in Rangoon, Burma, June 24, 2013. A woman holds up a SIM card, which she won in a June lottery, in Rangoon, Burma, June 24, 2013.
x
A woman holds up a SIM card, which she won in a June lottery, in Rangoon, Burma, June 24, 2013.
A woman holds up a SIM card, which she won in a June lottery, in Rangoon, Burma, June 24, 2013.
Reuters
A United Nations group that advises nations on cybersecurity plans to send out an alert about significant vulnerabilities in mobile phone technology that could potentially enable hackers to remotely attack at least half a billion phones.

The bug, discovered by German firm, allows hackers to remotely gain control of and also clone certain mobile SIM cards.

Hackers could use compromised SIMs to commit financial crimes or engage in electronic espionage, according to Berlin's Security Research Labs, which will describe the vulnerabilities at the Black Hat hacking conference that opens in Las Vegas on July 31.

The U.N.'s Geneva-based International Telecommunications Union, which has reviewed the research, described it as "hugely significant."

"These findings show us where we could be heading in terms of cybersecurity risks," ITU Secretary General Hamadoun Touré told Reuters.

He said the agency would notify telecommunications regulators and other government agencies in nearly 200 countries about the potential threat and also reach out to hundreds of mobile companies, academics and other industry experts.

A spokeswoman for the GSMA, which represents nearly 800 mobile operators worldwide, said it also reviewed the research.

"We have been able to consider the implications and provide guidance to those network operators and SIM vendors that may be impacted," said GSMA spokeswoman Claire Cranton.

Nicole Smith, a spokeswoman for Gemalto NV, the world's biggest maker of SIM cards, said her company supported GSMA's response.

"Our policy is to refrain from commenting on details relating to our customers' operations," she said.

Becoming the SIM

Cracking SIM cards has long been the Holy Grail of hackers because the tiny devices are located in phones and allow operators to identify and authenticate subscribers as they use networks.

Karsten Nohl, the chief scientist who led the research team and will reveal the details at Black Hat, said the hacking only works on SIMs that use an old encryption technology known as DES. The technology is still used on at least one out of eight SIMs, or a minimum of 500 million phones, according to Nohl.

The ITU estimates some 6 billion mobile phones are in use worldwide. It plans to work with the industry to identify how to protect vulnerable devices from attack, Touré said.

Once a hacker copies a SIM, it can be used to make calls and send text messages impersonating the owner of the phone, said Nohl, who has a doctorate in computer engineering from the University of Virginia.

"We become the SIM card. We can do anything the normal phone users can do," Nohl said in a phone interview. "If you have a MasterCard number or PayPal data on the phone, we get that too."

IPhone, Android, BlackBerry

The mobile industry has spent several decades defining common identification and security standards for SIMs to protect data for mobile payment systems and credit card numbers. SIMs are also capable of running apps.

Nohl said Security Research Labs found mobile operators in many countries whose phones were vulnerable, but declined to identify them. He said mobile phone users in Africa could be among the most vulnerable because banking is widely done via mobile payment systems with credentials stored on SIMs.

All types of phones are vulnerable, including iPhones from Apple Inc, phones that run Google Inc's Android software and BlackBerry Ltd smartphones, he said.

BlackBerry's director of security response and threat analysis, Adrian Stone, said in a statement that his company proposed new SIM card standards last year to protect against the types of attacks described by Nohl, which the GSMA has adopted and advised members to implement.

Apple and Google declined comment.

CTIA, a U.S. mobile industry trade group based in Washington, D.C., said the new research likely posed no immediate threat.

"We understand the vulnerability and are working on it," said CTIA Vice President John Marinho. "This is not what hackers are focused on. This does not seem to be something they are exploiting."

You May Like

Photogallery US to Send 3,000 Troops to Liberia in Expanded Ebola Effort

At US Centers for Disease Control and Prevention in Atlanta, Obama is to announce troop deployment, other details of US plans to fight Ebola outbreak More

China Muslims Work to Change Perceptions After Knife Attacks

Muslims in Kunming say that they condemn the violence, it is not a reflection of the true beliefs of their faith More

Humanitarian Aid, Equipment Blocked in Cameroon

Move is seen as a developing supply crisis in West Africa More

Featured Videos

Your JavaScript is turned off or you have an old version of Adobe's Flash Player. Get the latest Flash player.
Enviropreneur Seeks to Save the Environment, Empower the Communityi
X
September 16, 2014 2:06 PM
Lorna Rutto, a former banker, is now an ‘enviropreneur’ - turning plastic waste into furniture and fences discusses the challenges she faces in Africa with raw materials and the environment.
Video

Video Enviropreneur Seeks to Save the Environment, Empower the Community

Lorna Rutto, a former banker, is now an ‘enviropreneur’ - turning plastic waste into furniture and fences discusses the challenges she faces in Africa with raw materials and the environment.
Video

Video West Trades Accusations Over Ransoms

As world leaders try to forge a common response to the threat posed by Islamic State militants in Iraq and Syria, there is simmering tension over differing policies on paying ransoms. In the past month, the jihadist group has beheaded two Americans and one Briton. Both countries refuse to pay ransom money. As Henry Ridgwell reports for VOA from London, there is uncertainty in the approach of some other European nations.
Video

Video Scotland Independence Bid Stokes Global Interest

The people of Scotland are preparing to vote on whether to become independent and break away from the rest of Britain, in a referendum being watched carefully in many other countries. Some see it as a risky experiment; while others hope a successful vote for independence might energize their own separatist demands. Foreign immigrants to Scotland have a front row seat for the vote. VOA’s Henry Ridgwell spoke to some of them in Edinburgh.
Video

Video Washington DC Mural Artists Help Beautify City

Like many cities, Washington has a graffiti problem. Buildings and homes, especially in low-income neighborhoods, are often targets of illegal artwork. But as we hear from VOA’s Julie Taboh, officials in the nation's capital have come up with an innovative program that uses the talents of local artists to beautify the city.
Video

Video US Muslim Leaders Condemn Islamic State

Leaders of America's Muslim community are condemning the violent extremism of the Islamic State group in Iraq and Syria. The U.S. Muslim leaders say militants are exploiting their faith in a failed effort to justify violent extremism. VOA correspondent Meredith Buel reports.
Video

Video Americans' Reaction Mixed on Obama Strategy for Islamic State Militants

President Barack Obama’s televised speech on how the United States plans to “degrade and destroy” the group known as the Islamic State reached a prime-time audience of millions. And it came as Americans appear more willing to embrace a bolder, tougher approach to foreign policy. VOA producer Katherine Gypson and reporter Jeff Seldin have this report from Washington.
Video

Video Authorities Allege LA Fashion Industry-Cartel Ties

U.S. officials say they have broken up crime rings that funneled tens of millions of dollars from Mexican drug cartels through fashion businesses in Los Angeles. Mike O'Sullivan reports that authorities announced nine arrests, as 1,000 law enforcement agents fanned out through the city on Wednesday.
Video

Video Bedouin Woman Runs Successful Business in Palestinian City

A Bedouin woman is breaking social taboos by running a successful vacation resort in the Palestinian town of Jericho. Bedouins are a sub-group of Arabs known for their semi-nomadic lifestyle. Zlatica Hoke says the resort in the West Bank's Jordan Valley is a model of success for women in the region.


Carnage and mayhem are part of daily life in northern Nigeria, the result of a terror campaign by the Islamist group Boko Haram. Fears are growing that Nigeria’s government may not know how to counter it, and may be making things worse. More

AppleAndroid