[cryptography] Must have seemed like a good idea at the time

Randall Webmail rvh40 at insightbb.com
Sun Jul 21 19:01:40 EDT 2013



[SNIP] 
To derive a DES OTA key, an attacker starts by sending a binary SMS to a target device. The SIM does not execute the improperly signed OTA command, but does in many cases respond to the attacker with an error code carrying a cryptographic signature, once again sent over binary SMS. A rainbow table resolves this plaintext-signature tuple to a 56-bit DES key within two minutes on a standard computer. 

Deploying SIM malware. The cracked DES key enables an attacker to send properly signed binary SMS, which download Java applets onto the SIM. Applets are allowed to send SMS, change voicemail numbers, and query the phone location, among many other predefined functions. These capabilities alone provide plenty of potential for abuse. [SNIP] 

https://srlabs.de/rooting-sim-cards/ 


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.randombit.net/pipermail/cryptography/attachments/20130721/cb59d117/attachment.html>


More information about the cryptography mailing list