News / Science & Technology

UN Warns on Mobile Cybersecurity Bugs to Prevent Attacks

A woman holds up a SIM card, which she won in a June lottery, in Rangoon, Burma, June 24, 2013. A woman holds up a SIM card, which she won in a June lottery, in Rangoon, Burma, June 24, 2013.
x
A woman holds up a SIM card, which she won in a June lottery, in Rangoon, Burma, June 24, 2013.
A woman holds up a SIM card, which she won in a June lottery, in Rangoon, Burma, June 24, 2013.
Reuters
— A United Nations group that advises nations on cybersecurity plans to send out an alert about significant vulnerabilities in mobile phone technology that could potentially enable hackers to remotely attack at least half a billion phones.

The bug, discovered by German firm, allows hackers to remotely gain control of and also clone certain mobile SIM cards.

Hackers could use compromised SIMs to commit financial crimes or engage in electronic espionage, according to Berlin's Security Research Labs, which will describe the vulnerabilities at the Black Hat hacking conference that opens in Las Vegas on July 31.

The U.N.'s Geneva-based International Telecommunications Union, which has reviewed the research, described it as "hugely significant."

"These findings show us where we could be heading in terms of cybersecurity risks," ITU Secretary General Hamadoun Touré told Reuters.

He said the agency would notify telecommunications regulators and other government agencies in nearly 200 countries about the potential threat and also reach out to hundreds of mobile companies, academics and other industry experts.

A spokeswoman for the GSMA, which represents nearly 800 mobile operators worldwide, said it also reviewed the research.

"We have been able to consider the implications and provide guidance to those network operators and SIM vendors that may be impacted," said GSMA spokeswoman Claire Cranton.

Nicole Smith, a spokeswoman for Gemalto NV, the world's biggest maker of SIM cards, said her company supported GSMA's response.

"Our policy is to refrain from commenting on details relating to our customers' operations," she said.

Becoming the SIM

Cracking SIM cards has long been the Holy Grail of hackers because the tiny devices are located in phones and allow operators to identify and authenticate subscribers as they use networks.

Karsten Nohl, the chief scientist who led the research team and will reveal the details at Black Hat, said the hacking only works on SIMs that use an old encryption technology known as DES. The technology is still used on at least one out of eight SIMs, or a minimum of 500 million phones, according to Nohl.

The ITU estimates some 6 billion mobile phones are in use worldwide. It plans to work with the industry to identify how to protect vulnerable devices from attack, Touré said.

Once a hacker copies a SIM, it can be used to make calls and send text messages impersonating the owner of the phone, said Nohl, who has a doctorate in computer engineering from the University of Virginia.

"We become the SIM card. We can do anything the normal phone users can do," Nohl said in a phone interview. "If you have a MasterCard number or PayPal data on the phone, we get that too."

IPhone, Android, BlackBerry

The mobile industry has spent several decades defining common identification and security standards for SIMs to protect data for mobile payment systems and credit card numbers. SIMs are also capable of running apps.

Nohl said Security Research Labs found mobile operators in many countries whose phones were vulnerable, but declined to identify them. He said mobile phone users in Africa could be among the most vulnerable because banking is widely done via mobile payment systems with credentials stored on SIMs.

All types of phones are vulnerable, including iPhones from Apple Inc, phones that run Google Inc's Android software and BlackBerry Ltd smartphones, he said.

BlackBerry's director of security response and threat analysis, Adrian Stone, said in a statement that his company proposed new SIM card standards last year to protect against the types of attacks described by Nohl, which the GSMA has adopted and advised members to implement.

Apple and Google declined comment.

CTIA, a U.S. mobile industry trade group based in Washington, D.C., said the new research likely posed no immediate threat.

"We understand the vulnerability and are working on it," said CTIA Vice President John Marinho. "This is not what hackers are focused on. This does not seem to be something they are exploiting."

You May Like

Uganda Court Annuls Anti-Gay Law

Court says law was passed in parliament without enough members present for a full quorum More

Multimedia Thailand Makes Efforts to Improve Conditions for Migrant Laborers

In Thailand, its not uncommon for parents to bring their children to work; one company, in-collaboration with other organizations, address safety concerns More

In Indonesia, Jihad Video Raises Concern

Video calls on Indonesians to join Islamic State of Iraq and the Levant, ISIL More

Featured Videos

Your JavaScript is turned off or you have an old version of Adobe's Flash Player. Get the latest Flash player.
In Thailand, Some Efforts to Improve Conditions For Migrant Laborersi
X
Steve Herman
August 01, 2014 6:22 PM
Thailand has been facing increasing international scrutiny as a hub of human trafficking and slave labor. Some of the kingdom’s companies are striving to improve working conditions, especially for the millions of migrant laborers from surrounding countries. VOA Correspondent Steve Herman in Bangkok takes a look at one initiative for children at construction sites
Video

Video In Thailand, Some Efforts to Improve Conditions For Migrant Laborers

Thailand has been facing increasing international scrutiny as a hub of human trafficking and slave labor. Some of the kingdom’s companies are striving to improve working conditions, especially for the millions of migrant laborers from surrounding countries. VOA Correspondent Steve Herman in Bangkok takes a look at one initiative for children at construction sites
Video

Video Public Raises its Voice on Power Plant Pollution

In the United States, proposed rules to cut pollution from the nation’s 600 coal-fired power plants are generating a heated debate. The U.S. Environmental Protection Agency, charged with writing and implementing the plan, has already received 300,000 written comments. As VOA’s Rosanne Skirble reports, another 1,600 people are lining up this week at EPA headquarters and at satellite offices around the country to give their testimony in person.
Video

Video Information War Rages Alongside Real One in Ukraine

The downing of the Malaysian airliner two weeks ago, and allegations that Russians are shelling Ukrainian troops across the border, have moved the information war swirling around the Ukrainian conflict to a new level. VOA's Al Pessin reports from Kyiv.
Video

Video When Fighting Eases, Gazans Line Up at Bakeries

When there is a lull in the conflict in Gaza, residents who have been hunkered down in their apartments rush out to stock up on food and other necessities. Probably the most important destination is the local bakery. VOA’s Scott Bobb reports from Gaza City.
Video

Video China Investigates Powerful Former Security Chief

The public in China is welcoming the Communist Party's decision to investigate one of the country's once most powerful politicians, former domestic security chief Zhou Yongkang. Analysts say the move by President Xi Jinping is not only an effort to win more support for the party, but an essential step to furthering much needed economic reforms and removing those who would stand in the way of change. VOA's Bill Ide has more from Beijing.
Video

Video US-Funded Program Offers Honduran Children Alternative to Illegal Immigration

President Obama and Central American leaders recently agreed to come up with a plan to address poverty and crime in the region that is fueling the surge of young migrants trying to illegally enter the United States. VOA’s Brian Padden looks at one such program in Honduras - funded in part by the United States - which gives street kids not only food and safety but a chance for a better life without, crossing the border.
Video

Video 'Fab Lab' Igniting Revolution in Kenya

The University of Nairobi’s Science and Technology Park is banking on 3-D prototyping to spark a manufacturing revolution in the country. Lenny Ruvaga has more for from Nairobi's so-called “FabLab” for VOA.
Video

Video Immigrant Influx on Texas Border Heats Up Political Debate

Immigrants from Central America continue to cross the U.S.-Mexico border in south Texas, seeking asylum in the United States, as officials grapple with ways to deal with the problem and provide shelter for thousands of minors among the illegal border crossers. As VOA's Greg Flakus reports from Houston, the issue is complicated by internal U.S. politics and U.S. relations with the troubled nations that immigrants are fleeing.

AppleAndroid