Open main menu
Home
Random
Recent changes
Special pages
Community portal
Preferences
About Wikipedia
Disclaimers
Incubator escapee wiki
Search
User menu
Talk
Dark mode
Contributions
Create account
Log in
Editing
SIM card
(section)
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
== Security == In July 2013, Karsten Nohl, a security researcher from SRLabs, described<ref>[http://securitywatch.pcmag.com/mobile-security/313914-encryption-bug-in-sim-card-can-be-used-to-hack-millions-of-phones Encryption Bug in SIM Card Can be Used to Hack Millions of Phones] {{Webarchive|url=https://web.archive.org/web/20130724055849/http://securitywatch.pcmag.com/mobile-security/313914-encryption-bug-in-sim-card-can-be-used-to-hack-millions-of-phones |date=24 July 2013 }}, published 2013-07-21, accessed 2013-07-22</ref><ref name=SRLabs>[https://archive.today/20130721231840/https://srlabs.de/rooting-sim-cards/ Rooting SIM cards], SR Labs, accessed 2013-07-22</ref> vulnerabilities in some SIM cards that supported [[Data Encryption Standard|DES]], which, despite its age, is still used by some operators.<ref name=SRLabs /> The attack could lead to the phone being remotely [[Phone cloning|cloned]] or let someone steal payment credentials from the SIM.<ref name=SRLabs /> Further details of the research were provided at [[Black Hat Briefings|BlackHat]] on 31 July 2013.<ref name=SRLabs /><ref>{{cite web|url=https://www.blackhat.com/us-13/briefings.html#Nohl|title=Black Hat USA 2013|access-date=29 April 2016|archive-date=2 January 2018|archive-url=https://web.archive.org/web/20180102130632/http://www.blackhat.com/us-13/briefings.html#Nohl|url-status=live}}</ref> In response, the [[International Telecommunication Union]] said that the development was "hugely significant" and that it would be contacting its members.<ref>[https://www.reuters.com/article/mobile-hacking-idUSL6N0FR0JD20130721 UPDATE 1-UN warns on mobile cybersecurity bugs in bid to prevent attacks] {{Webarchive|url=https://web.archive.org/web/20220319084019/https://www.reuters.com/article/mobile-hacking-idUSL6N0FR0JD20130721 |date=19 March 2022 }}, Reuters, 2013-07-21, accessed 2013-07-21</ref> In February 2015, [[The Intercept]] reported that the [[National Security Agency|NSA]] and [[GCHQ]] had stolen the encryption keys (Ki's) used by [[Gemalto]] (now known as [[Thales DIS AIS|Thales DIS]], manufacturer of 2 billion SIM cards annually) <ref>{{Cite web |date=2019-04-02 |title=Thales Completes Acquisition Of Gemalto To Become A Global Leader In Digital Identity And Security {{!}} Thales Group |url=https://www.thalesgroup.com/en/group/journalist/press-release/thales-completes-acquisition-gemalto-become-global-leader-digital |access-date=2023-12-24 |website=www.thalesgroup.com |language=en}}</ref>), enabling these intelligence agencies to monitor voice and data communications without the knowledge or approval of cellular network providers or judicial oversight.<ref>{{cite web|url = https://firstlook.org/theintercept/2015/02/19/great-sim-heist/|title = The Great SIM Heist – How Spies Stole the Keys to the Encryption Castle|date = 19 February 2015|access-date = 19 February 2015|website = The Intercept|publisher = The Intercept (First Look Media)|archive-date = 19 February 2015|archive-url = https://web.archive.org/web/20150219200149/https://firstlook.org/theintercept/2015/02/19/great-sim-heist/|url-status = live}}</ref> Having finished its investigation, Gemalto claimed that it has “reasonable grounds” to believe that the NSA and GCHQ carried out an operation to hack its network in 2010 and 2011, but says the number of possibly stolen keys would not have been massive.<ref>{{cite web|url = https://techcrunch.com/2015/02/25/gemalto-2/|title = Gemalto: NSA/GCHQ Hack 'Probably Happened' But Didn't Include Mass SIM Key Theft|date = 25 February 2015|access-date = 2 April 2015|website = techcrunch.com|archive-date = 30 March 2015|archive-url = https://web.archive.org/web/20150330070411/http://techcrunch.com/2015/02/25/gemalto-2/|url-status = live}}</ref> In September 2019, Cathal Mc Daid, a security researcher from Adaptive Mobile Security, described<ref>{{Cite web|last=Cimpanu|first=Catalin|title=Simjacker attack exploited in the wild to track users for at least two years|url=https://www.zdnet.com/article/new-simjacker-attack-exploited-in-the-wild-to-track-users-for-at-least-two-years/|access-date=2021-07-28|website=ZDNet|language=en|archive-date=28 July 2021|archive-url=https://web.archive.org/web/20210728160009/https://www.zdnet.com/article/new-simjacker-attack-exploited-in-the-wild-to-track-users-for-at-least-two-years/|url-status=live}}</ref><ref>{{Cite web|title=Simjacker – Next Generation Spying Over Mobile {{!}} Mobile Security News {{!}} AdaptiveMobile|url=https://blog.adaptivemobile.com/simjacker-next-generation-spying-over-mobile|access-date=2021-07-28|website=blog.adaptivemobile.com|language=en|archive-date=28 July 2021|archive-url=https://web.archive.org/web/20210728154207/https://blog.adaptivemobile.com/simjacker-next-generation-spying-over-mobile|url-status=live}}</ref> how vulnerabilities in some SIM cards that contained the S@T Browser library were being actively exploited. This vulnerability was named [[Simjacker]]. Attackers were using the vulnerability to track the location of thousands of mobile phone users in several countries.<ref>{{Cite news|last=Olson|first=Parmy|date=2019-09-13|title=Hackers Use Spyware to Track SIM Cards|language=en-US|work=[[The Wall Street Journal]]|url=https://www.wsj.com/articles/hackers-use-spyware-to-track-sim-cards-11568400758|access-date=2021-07-28|issn=0099-9660|archive-date=28 July 2021|archive-url=https://web.archive.org/web/20210728154206/https://www.wsj.com/articles/hackers-use-spyware-to-track-sim-cards-11568400758|url-status=live}}</ref> Further details of the research were provided at [[Virus Bulletin|VirusBulletin]] on 3 October 2019.<ref>{{Cite web|title=Virus Bulletin :: Simjacker — the next frontier in mobile espionage|url=https://www.virusbulletin.com/conference/vb2019/abstracts/simjacker-next-frontier-mobile-espionage|access-date=2021-07-28|website=www.virusbulletin.com|archive-date=28 July 2021|archive-url=https://web.archive.org/web/20210728154208/https://www.virusbulletin.com/conference/vb2019/abstracts/simjacker-next-frontier-mobile-espionage|url-status=live}}</ref><ref>{{Cite web|title=Simjacker — Frequently Asked Questions and Demos {{!}} Mobile Security News {{!}} AdaptiveMobile|url=https://blog.adaptivemobile.com/simjacker-frequently-asked-questions|access-date=2021-07-28|website=blog.adaptivemobile.com|language=en|archive-date=28 July 2021|archive-url=https://web.archive.org/web/20210728154207/https://blog.adaptivemobile.com/simjacker-frequently-asked-questions|url-status=live}}</ref>
Edit summary
(Briefly describe your changes)
By publishing changes, you agree to the
Terms of Use
, and you irrevocably agree to release your contribution under the
CC BY-SA 4.0 License
and the
GFDL
. You agree that a hyperlink or URL is sufficient attribution under the Creative Commons license.
Cancel
Editing help
(opens in new window)