http://www.theregister.co.uk/2014/11/19/sms_pwnage_on_meellions_of_flawed_sim_cards_popular_4g_modems
By Darren Pauli
The Register
19 Nov 2014
A Russian research team has found vulnerabilities in millions of the
world's SIM cards, and separate flaws in common 4G modem platforms.
Together, the bugs could allow attackers to send crafted SMS text messages
to gain access to critical systems and install malware on connected
computers.
In one dramatic and hypothetical example, the research team of six from
outfit SCADA StrangeLove showed how track switching mechanisms in the
European Rail Traffic Management System could be altered by remote
attackers targeting computers and devices on trains and tracks.
They found what fellow SRlabs researcher Karsten Nohl estimated was
'millions' of the world's SIM cards that could be impersonated by
attackers who captured the users' Temporary International Mobile
Subscriber Identity and decryption key (Kc), numbers that were designed to
stop eavesdropping between devices and phone towers.
It built on Nohl's research last year that revealed SIM flaws could allow
attackers to intercept calls and target wireless NFC applications like
contactless payments through crafted text messages.
[...]
--
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/
