SMS pwnage on MEELLIONS of flawed SIM cards, popular 4G modems

[InfoSec News <alerts () infosecnews org>]

http://www.theregister.co.uk/2014/11/19/sms_pwnage_on_meellions_of_flawed_sim_cards_popular_4g_modems

By Darren Pauli
The Register
19 Nov 2014

A Russian research team has found vulnerabilities in millions of the 
world's SIM cards, and separate flaws in common 4G modem platforms. 
Together, the bugs could allow attackers to send crafted SMS text messages 
to gain access to critical systems and install malware on connected 
computers.

In one dramatic and hypothetical example, the research team of six from 
outfit SCADA StrangeLove showed how track switching mechanisms in the 
European Rail Traffic Management System could be altered by remote 
attackers targeting computers and devices on trains and tracks.

They found what fellow SRlabs researcher Karsten Nohl estimated was 
'millions' of the world's SIM cards that could be impersonated by 
attackers who captured the users' Temporary International Mobile 
Subscriber Identity and decryption key (Kc), numbers that were designed to 
stop eavesdropping between devices and phone towers.

It built on Nohl's research last year that revealed SIM flaws could allow 
attackers to intercept calls and target wireless NFC applications like 
contactless payments through crafted text messages.

[...]



--
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/