Also here:
http://www.forbes.com/sites/parmyolson/2013/07/21/sim-cards-have-finally-been-hacked-and-the-flaw-could-affect-millions-of-phones/
On 22/07/13 02:27 AM, James A. Donald wrote:
On 2013-07-22 9:01 AM, Randall Webmail wrote:
[SNIP]
To derive a DES OTA key, an attacker starts by sending a binary SMS to
a target device. The SIM does not execute the improperly signed OTA
command, but does in many cases respond to the attacker with an error
code carrying a cryptographic signature, once again sent over binary
SMS.
Wait -- using the same signing DES key as that which it uses to accept
the OTA (over-the-air) java applet???
A rainbow table resolves this plaintext-signature tuple to a
56-bit DES key within two minutes on a standard computer.
OK, but how does one acquire the rainbow table? Does one have to send
2^64 attempts to the SMS, and does it shut down after the 3rd ... or did
they forget that part too?
The hint following the links is that it is like this process:
https://srlabs.de/blog/wp-content/uploads/2010/07/Attacking.Phone_.Privacy_Karsten.Nohl_1.pdf
So, yes, you have to mount an approximate 2^64 attack.
*Deploying SIM malware.* The cracked DES key enables an attacker to
send properly signed binary SMS, which download Java applets onto the
SIM. Applets are allowed to send SMS, change voicemail numbers, and
query the phone location, among many other predefined functions. These
capabilities alone provide plenty of potential for abuse. [SNIP]
https://srlabs.de/rooting-sim-cards/
A number of projects have been launched to use cell phones as a money
device, a smart card. I am pretty sure if your malware can send sms, it
can transfer funds.
Talking about the leading system that does money over the phone, yes, as
far as I know, it's straight SMS-based, and the authentication of the
source phone is important.
This not all that fatal, as the money is traceable, but it means that
the financial institution needs an apparatus to reverse cell phone
transactions, and that cell phone money is therefore soft on the may scale.
And yes to that too. The reversal situation is much like CC, in that
customers phone up, complain, and it is reversed.
Oh, and rumour has it that they are losing hundreds of tx per day (count
your entries on one finger...).
So they are well capable of dealing with fallout in theory, but the
practical import might be rather annoying. I imagine the trick would be
to get some fake ID, and convert to cash at some random exchange agent.
iang
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
