News / Science & Technology

UN Warns on Mobile Cybersecurity Bugs to Prevent Attacks

A woman holds up a SIM card, which she won in a June lottery, in Rangoon, Burma, June 24, 2013.A woman holds up a SIM card, which she won in a June lottery, in Rangoon, Burma, June 24, 2013.
x
A woman holds up a SIM card, which she won in a June lottery, in Rangoon, Burma, June 24, 2013.
A woman holds up a SIM card, which she won in a June lottery, in Rangoon, Burma, June 24, 2013.
Reuters
A United Nations group that advises nations on cybersecurity plans to send out an alert about significant vulnerabilities in mobile phone technology that could potentially enable hackers to remotely attack at least half a billion phones.

The bug, discovered by German firm, allows hackers to remotely gain control of and also clone certain mobile SIM cards.

Hackers could use compromised SIMs to commit financial crimes or engage in electronic espionage, according to Berlin's Security Research Labs, which will describe the vulnerabilities at the Black Hat hacking conference that opens in Las Vegas on July 31.

The U.N.'s Geneva-based International Telecommunications Union, which has reviewed the research, described it as "hugely significant."

"These findings show us where we could be heading in terms of cybersecurity risks," ITU Secretary General Hamadoun Touré told Reuters.

He said the agency would notify telecommunications regulators and other government agencies in nearly 200 countries about the potential threat and also reach out to hundreds of mobile companies, academics and other industry experts.

A spokeswoman for the GSMA, which represents nearly 800 mobile operators worldwide, said it also reviewed the research.

"We have been able to consider the implications and provide guidance to those network operators and SIM vendors that may be impacted," said GSMA spokeswoman Claire Cranton.

Nicole Smith, a spokeswoman for Gemalto NV, the world's biggest maker of SIM cards, said her company supported GSMA's response.

"Our policy is to refrain from commenting on details relating to our customers' operations," she said.

Becoming the SIM

Cracking SIM cards has long been the Holy Grail of hackers because the tiny devices are located in phones and allow operators to identify and authenticate subscribers as they use networks.

Karsten Nohl, the chief scientist who led the research team and will reveal the details at Black Hat, said the hacking only works on SIMs that use an old encryption technology known as DES. The technology is still used on at least one out of eight SIMs, or a minimum of 500 million phones, according to Nohl.

The ITU estimates some 6 billion mobile phones are in use worldwide. It plans to work with the industry to identify how to protect vulnerable devices from attack, Touré said.

Once a hacker copies a SIM, it can be used to make calls and send text messages impersonating the owner of the phone, said Nohl, who has a doctorate in computer engineering from the University of Virginia.

"We become the SIM card. We can do anything the normal phone users can do," Nohl said in a phone interview. "If you have a MasterCard number or PayPal data on the phone, we get that too."

IPhone, Android, BlackBerry

The mobile industry has spent several decades defining common identification and security standards for SIMs to protect data for mobile payment systems and credit card numbers. SIMs are also capable of running apps.

Nohl said Security Research Labs found mobile operators in many countries whose phones were vulnerable, but declined to identify them. He said mobile phone users in Africa could be among the most vulnerable because banking is widely done via mobile payment systems with credentials stored on SIMs.

All types of phones are vulnerable, including iPhones from Apple Inc, phones that run Google Inc's Android software and BlackBerry Ltd smartphones, he said.

BlackBerry's director of security response and threat analysis, Adrian Stone, said in a statement that his company proposed new SIM card standards last year to protect against the types of attacks described by Nohl, which the GSMA has adopted and advised members to implement.

Apple and Google declined comment.

CTIA, a U.S. mobile industry trade group based in Washington, D.C., said the new research likely posed no immediate threat.

"We understand the vulnerability and are working on it," said CTIA Vice President John Marinho. "This is not what hackers are focused on. This does not seem to be something they are exploiting."

You May Like

African States Push to Keep Boko Haram Offline

Central African telecoms ministers working with Nigeria to block all videos posted by Boko Haram in effort to blunt Nigerian militant group's propaganda More

Falling Oil Prices, Internet-Savvy Youth Pose Challenge for Gulf Monarchies

Across the Gulf, younger generations are putting a strain on traditional politics More

Philippines Call Center Workers Face Challenges

Country has world’s largest business process outsourcing, or BPO, industry, employing some one-million workers More

Featured Videos

Your JavaScript is turned off or you have an old version of Adobe's Flash Player. Get the latest Flash player.
US Supreme Court Hears Hijab Discrimination Casei
X
Katherine Gypson
February 25, 2015 11:30 PM
The U.S. Supreme Court has heard opening arguments in a workplace religious discrimination case that examines whether a clothing store can refuse to hire a young woman for wearing the headscarf she says is a symbol of her Muslim faith. Katherine Gypson reports from the Supreme Court.
Video

Video US Supreme Court Hears Hijab Discrimination Case

The U.S. Supreme Court has heard opening arguments in a workplace religious discrimination case that examines whether a clothing store can refuse to hire a young woman for wearing the headscarf she says is a symbol of her Muslim faith. Katherine Gypson reports from the Supreme Court.
Video

Video Falling Gas Prices Hurt Nascent Illinois Hydraulic Fracturing Industry

Falling oil prices are helping consumers purchase cheaper petroleum at the pump. But that’s made hydraulic fracturing or “fracking” less economically viable for the companies in the United States invested in the process. VOA’s Kane Farabaugh reports on one Midwestern town that was hoping to change its fortunes by cashing in on the next big U.S. oil boom.
Video

Video Fighting in Sudan's South Kordofan Fuels Mass Displacement

Heavy fighting in Sudan's South Kordofan state is causing hundreds of thousands to flee into uncertain conditions. Local aid organizations estimate as many as 400,000 civilians have been internally displaced since the conflict began more than three years ago, while another 250,000 have fled across the border to refugee camps in South Sudan. VOA's Adam Bailes reports.
Video

Video Lao Dam Project Runs Into Opposition

A Lao dam project on a section of the Mekong River is drawing opposition from local fishermen, international environmental groups and neighboring countries. VOA's Say Mony visited the region to investigate the concerns. Colin Lovett narrates.
Video

Video A Filmmaker Discovers Her Biracial Identity in "Little White Lie

Lacey Schwartz grew up in an upper middle-class Jewish family, in a town in upstate New York where almost everyone she knew was white. She assumed that she was, as well. Her recent documentary, Little White Lie, tells the story of how she uncovered the secret of her true racial background. VOA’s Carolyn Weaver has more on the film.
Video

Video Deep Under Antarctic Ice Sheet, Life!

With the end of summer in the Southern hemisphere, the Antarctic research season is over. Scientists from Northern Illinois University are back in their laboratory after a 3-month expedition on the Ross Ice Shelf, the world’s largest floating ice sheet. As VOA’s Rosanne Skirble reports, they hope to find clues to explain the dynamics of the rapidly melting ice and its impact on sea level rise.
Video

Video US-Cuba Normalization Talks Resume Friday

Negotiations aimed at normalizing diplomatic relations between the U.S. and Cuba resume Friday. On the table: lifting a half-century trade embargo and easing banking and travel restrictions. There's opposition in Congress, but some analysts say there may be sufficient political and economic incentives in both nations for a potential breakthrough this year. VOA's Mil Arcega reports.
Video

Video Pakistan's Deadline For SIM Registration Has Cellphone Users Scrambling

Pakistani cell phone users have until midnight Thursday to register their SIM cards, or their service will be cut off. While some privacy experts worry about government intrusion, many Pakistanis are just worried about keeping their phone lines open. VOA Deewa reporter Arshad Muhmand has more from Peshawar.
Video

Video Myanmar Warns Factory Workers to End Strikes

Outside Myanmar's main city Yangon, thousands of workers walked off their jobs earlier this month demanding a doubling of their wages, pay raises after a year and input from labor unions on industrial regulations. Since Friday, the standoff has grown more tense as police moved in to disrupt the sit-ins, resulting in clashes that injured people from both sides. VOA correspondent Steve Herman visited industrial zones which have become a focus of Myanmar's fledgling workers rights movement.
Video

Video Oscar Winners Do More Than Thank the Academy

The Academy Awards presentation is Hollywood’s night to reward the best movies from the previous year. It’s typically a lot of glitter, a lot of thank you’s, a lot of speeches. But many of this year’s speeches carried messages beyond the thank you's. VOA’s Carolyn Presutti takes a look.

All About America

Circumventing Censorship

An Internet Primer for Healthy Web Habits

As surveillance and censoring technologies advance, so, too, do new tools for your computer or mobile device that help protect your privacy and break through Internet censorship.
More