On 2013-07-22 9:01 AM, Randall Webmail wrote:
[SNIP]
To derive a DES OTA key, an attacker starts by sending a binary SMS to
a target device. The SIM does not execute the improperly signed OTA
command, but does in many cases respond to the attacker with an error
code carrying a cryptographic signature, once again sent over binary
SMS. A rainbow table resolves this plaintext-signature tuple to a
56-bit DES key within two minutes on a standard computer.
*Deploying SIM malware.* The cracked DES key enables an attacker to
send properly signed binary SMS, which download Java applets onto the
SIM. Applets are allowed to send SMS, change voicemail numbers, and
query the phone location, among many other predefined functions. These
capabilities alone provide plenty of potential for abuse. [SNIP]
https://srlabs.de/rooting-sim-cards/
A number of projects have been launched to use cell phones as a money
device, a smart card. I am pretty sure if your malware can send sms, it
can transfer funds.
This not all that fatal, as the money is traceable, but it means that
the financial institution needs an apparatus to reverse cell phone
transactions, and that cell phone money is therefore soft on the may scale.
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
