重庆渝顺诊所连锁有限公司

SIM卡加密法遭破解 数亿手机面临安全风险

发表时间:2013-7-23  浏览次数:5462  
字体大小: 【小】 【中】 【大】
7月22日电 据Gizmodo报道,近日,一名德国的密码破译者声称自己“黑”掉了一张手机SIM卡。美国最近爆发的“棱镜”窃听事件也许让这样的消息变得没那么新奇,但破解SIM卡的事情过去从来没有过,因此仍然值得引起关注。德国密码破译者的声明让成千上万的手机陷入潜在危险中。

    柏林安全研究实验室创始人卡斯滕·诺尔(Karsten Nohl)通过对上千张SIM卡加密方法进行研究,发现了黑客如何破解SIM卡独特的56位数字密钥。诺尔发现的漏洞可能对7亿5千万部手机造成危害,使之暴露在监听之下,并伴随被钓鱼网站钓鱼和身份被盗的风险。

    诺尔说,给我任意一个电话号码,在几分钟后我就可以远程遥控这张SIM卡,甚至可以复制一张。

    除了攻破数字密钥外,诺尔还发现了“沙盒”(sandboxing)技术的漏洞,该技术能将手机上的敏感数据隔离在SIM上。通过向手机发送二进制短信,他能从手机获得一些列反馈信息,并最终利用这些信息破解手机的加密技术。诺尔发现的每一个漏洞都对特定的SIM卡有效,但如果让有企图的人获得这项技术,那么现在就会有大量的SIM用户面临危险。

   Millions Of Cell Phones Could Be Vulnerable To This SIM Card Hack

    With the NSA leaks going full force it probably won't sound like news at all that a German cryptographer claims to have hacked a SIM card. But that's never been done before, so it's kind of a big deal, and shows that millions of phones are potentially vulnerable.

    The founder of Security Research Labs in Berlin, Karsten Nohl, studied the encryption methods in thousands of SIM cards to figure out how a hacker could find the card's unique 56-digit access key. The vulnerability he discovered could impact as many as 750 million phones and would open them to call surveillance, fraudulent purchases and even a type of identity theft. Nohl told Forbes,

    Give me any phone number and there is some chance I will, a few minutes later, be able to remotely control this SIM card and even make a copy of it.

    In addition to compromising access keys, Nohl discovered a flaw in the "sandboxing" technique that keeps sensitive data separate on SIM cards. By sending a binary SMS to a number of phones, he can collect data that eventually allow him to break through the encryption on some of the phones. Each vulnerability Nohl identified only applies to certain SIM cards, but in the wrong hands they could endanger a large percentage of the SIM cards in use right now.

    Though Nohl isn't officially presenting his findings until the Black Hat security conference in Las Vegas on July 30, he did share them with the GSM Association. A spokeswoman, Claire Cranton, told the New York Times:

    We have been able to consider the implications and provide guidance to those network operators and SIM vendors that may be impacted.

    Definitely sounds like they're on it, and totally trust enormous mobile providers like AT&T and Verizon to act quickly and nimbly in resolving this issue.

文章评论
发表评论:(匿名发表无需登录,已登录用户可直接发表。) 登录状态: 未登录,点击登录



重庆渝顺诊所连锁有限公司版权所有©  渝ICP备2021003442号-1  渝公网安备50011302000677号

Email:shoulty@580c.cn 地址:重庆市渝北区双凤桥街道桃源大道333号附2号龙港·红树林13幢1-5