News / Science & Technology

UN Warns on Mobile Cybersecurity Bugs to Prevent Attacks

A woman holds up a SIM card, which she won in a June lottery, in Rangoon, Burma, June 24, 2013.A woman holds up a SIM card, which she won in a June lottery, in Rangoon, Burma, June 24, 2013.
x
A woman holds up a SIM card, which she won in a June lottery, in Rangoon, Burma, June 24, 2013.
A woman holds up a SIM card, which she won in a June lottery, in Rangoon, Burma, June 24, 2013.
Reuters
A United Nations group that advises nations on cybersecurity plans to send out an alert about significant vulnerabilities in mobile phone technology that could potentially enable hackers to remotely attack at least half a billion phones.

The bug, discovered by German firm, allows hackers to remotely gain control of and also clone certain mobile SIM cards.

Hackers could use compromised SIMs to commit financial crimes or engage in electronic espionage, according to Berlin's Security Research Labs, which will describe the vulnerabilities at the Black Hat hacking conference that opens in Las Vegas on July 31.

The U.N.'s Geneva-based International Telecommunications Union, which has reviewed the research, described it as "hugely significant."

"These findings show us where we could be heading in terms of cybersecurity risks," ITU Secretary General Hamadoun Touré told Reuters.

He said the agency would notify telecommunications regulators and other government agencies in nearly 200 countries about the potential threat and also reach out to hundreds of mobile companies, academics and other industry experts.

A spokeswoman for the GSMA, which represents nearly 800 mobile operators worldwide, said it also reviewed the research.

"We have been able to consider the implications and provide guidance to those network operators and SIM vendors that may be impacted," said GSMA spokeswoman Claire Cranton.

Nicole Smith, a spokeswoman for Gemalto NV, the world's biggest maker of SIM cards, said her company supported GSMA's response.

"Our policy is to refrain from commenting on details relating to our customers' operations," she said.

Becoming the SIM

Cracking SIM cards has long been the Holy Grail of hackers because the tiny devices are located in phones and allow operators to identify and authenticate subscribers as they use networks.

Karsten Nohl, the chief scientist who led the research team and will reveal the details at Black Hat, said the hacking only works on SIMs that use an old encryption technology known as DES. The technology is still used on at least one out of eight SIMs, or a minimum of 500 million phones, according to Nohl.

The ITU estimates some 6 billion mobile phones are in use worldwide. It plans to work with the industry to identify how to protect vulnerable devices from attack, Touré said.

Once a hacker copies a SIM, it can be used to make calls and send text messages impersonating the owner of the phone, said Nohl, who has a doctorate in computer engineering from the University of Virginia.

"We become the SIM card. We can do anything the normal phone users can do," Nohl said in a phone interview. "If you have a MasterCard number or PayPal data on the phone, we get that too."

IPhone, Android, BlackBerry

The mobile industry has spent several decades defining common identification and security standards for SIMs to protect data for mobile payment systems and credit card numbers. SIMs are also capable of running apps.

Nohl said Security Research Labs found mobile operators in many countries whose phones were vulnerable, but declined to identify them. He said mobile phone users in Africa could be among the most vulnerable because banking is widely done via mobile payment systems with credentials stored on SIMs.

All types of phones are vulnerable, including iPhones from Apple Inc, phones that run Google Inc's Android software and BlackBerry Ltd smartphones, he said.

BlackBerry's director of security response and threat analysis, Adrian Stone, said in a statement that his company proposed new SIM card standards last year to protect against the types of attacks described by Nohl, which the GSMA has adopted and advised members to implement.

Apple and Google declined comment.

CTIA, a U.S. mobile industry trade group based in Washington, D.C., said the new research likely posed no immediate threat.

"We understand the vulnerability and are working on it," said CTIA Vice President John Marinho. "This is not what hackers are focused on. This does not seem to be something they are exploiting."

You May Like

Photogallery Early Nigeria Results Show Buhari Leading; Tampering Concerns Mount

One local group monitoring polls is concerned politicians might use security agencies to 'fiddle with the election collation process' at state level More

UN: 7,300 Civilians Killed in Boko Haram Insurgency

A senior UN humanitarian official tells the United Nations Security Council 1,000 people have been killed this year More

Turkish President Warns Iran About Trying to Dominate Middle East

Warning comes amid growing concerns inside Turkey that it will be sucked into a sectarian conflict with its neighbor More

Featured Videos

Your JavaScript is turned off or you have an old version of Adobe's Flash Player. Get the latest Flash player.
Film Tells Story of Musicians in Mali Threatened by Jihadistsi
X
Greg Flakus
March 30, 2015 6:48 PM
At this year's annual South by Southwest film and music festival in Austin, Texas, some musicians from Mali were on hand to promote a film about how their lives were upturned by jihadists who destroyed ancient treasures in the city of Timbuktu and prohibited anyone from playing music under threat of death. As VOA’s Greg Flakus reports from Austin, some are afraid to return to their hometowns even though the jihadists are no longer in control there.
Video

Video Film Tells Story of Musicians in Mali Threatened by Jihadists

At this year's annual South by Southwest film and music festival in Austin, Texas, some musicians from Mali were on hand to promote a film about how their lives were upturned by jihadists who destroyed ancient treasures in the city of Timbuktu and prohibited anyone from playing music under threat of death. As VOA’s Greg Flakus reports from Austin, some are afraid to return to their hometowns even though the jihadists are no longer in control there.
Video

Video With Coalition Airstrikes, Iraq Entering 'Last Page' of IS Battle

American warplanes joined Iraq's battle against the so-called 'Islamic State' in northern Iraq late Wednesday, as Iraqi ground troops launched a massive assault on Tikrit. Analysts say the offensive could take the coalition a step further towards Mosul, the largest city held by Islamic State forces. Others say it could also deepen already-dangerous sectarian tensions in the region. VOA's Heather Murdock has more from Cairo.
Video

Video Philippines Wants Tourists Spending Money at New Casinos

Tourism is a multi-billion dollar industry in the Philippines. Close to five million foreign visitors traveled there last year, perhaps lured by the country’s tropical beaches. But Jason Strother reports from Manila that the country hopes to entice more travelers to stay indoors and spend money inside new casinos.
Video

Video Civilian Casualties Push Men to Join Rebels in Ukraine

The continued fighting in eastern Ukraine and the shelling of civilian neighborhoods seem to be pushing more men to join the separatist fighters. Many of the new recruits are residents of Ukraine made bitter by new grievances, as well as old. VOA's Patrick Wells reports.
Video

Video Islamic State Prisoners Talk of Curiosity, God, Regret

Islamic State fighter, a prisoner of Kurdish YPG forces, asked his family asking for forgiveness: "I destroyed myself and I destroyed them along with me." The Syrian youth was one of two detainees who spoke to VOA’s Kurdish Service about the path they chose; their names have been changed and identifying details obscured. VOA's Zana Omer reports.
Video

Video Germanwings Findings Raise Issue of Psychological Testing for Pilots

More is being discovered about the co-pilot in the crash of Germanwings Flight 9525 in the French Alps. Investigators say he was hiding a medical condition, raising questions about the mental qualifications of pilots. VOA's Carolyn Presutti reports.
Video

Video Hi-tech Motorbike Helmet's Goal: Improve Road Safety

In cities with heavily congested traffic, people can get around much faster on a motorcycle than in a car. But a rider who is not sure of his route may have to stop to look at the map or consult a GPS. A Russian start-up company is working to make navigation easier for motorcyclists. Designers at Moscow-based LiveMap are developing a smart helmet with a built-in navigation system, head-mounted display and voice recognition. Zlatica Hoke has more.
Video

Video DOJ: Illinois National Guard Soldier Tried to Join ISIS

U.S. federal law enforcement agents arrested two suburban Chicago men accused of trying to join ISIS overseas, while also plotting attacks in the United States. As VOA’s Kane Farabaugh reports from the Midwest state of Illinois, one of those arrested is a soldier of the Illinois National Guard.
Video

Video New Wheelchair Is Easier to Use, Increases Mobility

Traditional push-rim wheelchairs create a lot of stress for arm, shoulder and neck muscles and joints. A redesigned chair, based on readily available bicycle technology, radically increases mobility while reducing the physical effort. VOA’s George Putic reports.
Video

Video Liberia's Almost Last Ebola Patient Grateful but Still Grieving

Beatrice Yardolo was to make history as Liberia’s last Ebola patient. Liberians recently started counting down 42 days, the period that has to go by without a single new infection until the World Health Organization can declare a country Ebola-free. That countdown stopped on March 20 when there was another new case of Ebola, making Yardolo’s story a reminder that Ebola is far from over. Benno Muchler reports from Monrovia.
Video

Video Cambodian Land Grabs Threaten Traditional Communities

Indigenous communities in Cambodia's Ratanakiri province say the government’s economic land concession policy is taking away their land and traditional way of life, making many fear that their identity will soon be lost. Local authorities, though, have denied this is the case. VOA's Say Mony went to investigate and filed this report, narrated by Colin Lovett.
Video

Video Space Program Status Disappoints 'Last Man on the Moon'

One of the films that drew big crowds last week at the annual South by Southwest festival in Austin, Texas, tells the story of the last human being to stand on the moon, U.S. astronaut Eugene Cernan. It has been 42 years since Cernan returned from the moon and he laments that no one else has gone there since. VOA’s Greg Flakus reports.

VOA Blogs

Circumventing Censorship

An Internet Primer for Healthy Web Habits

As surveillance and censoring technologies advance, so, too, do new tools for your computer or mobile device that help protect your privacy and break through Internet censorship.
More