Researchers look sideways to crack SIM card AES-128 encryption


posted on Aug, 6 2015 @ 11:34 AM
Source - The Register

Yu Yu (yes, that is my real name, he joked) is a research professor with Shanghai Jiao Tong University who has spent the last year finding out how to crack the encryption codes on 3G and 4G cards. These use AES-128, which is supposed to be virtually unbeatable by a brute-force attack, but turns out to be easy to defeat using side-channel analysis.

Side-channel attacks measure things like power consumption, electromagnetic emissions, and heat generation to work out what is going on in a chip. The technique has been around for years, and requires physical access to the target device.

Yu and his team assembled an oscilloscope to track the power levels, a MP300-SC2 protocol analyzer to monitor data traffic, a self-made SIM card reader, and a standard PC to correlate the results. With this simple setup they cracked eight commercial SIM cards in between 10 and 80 minutes.

This is pretty wild. Of course other AES encryption has been cracked, but this was AES-128, supposedly unbeatable, which should have said something there (nothing is 100% secure, it's digital code). The good part for those of you about to take a hammer to your phone is, the crackers need to have physical access to the SIM card, which to most will set off flags.

The CIA will be pleased, that's for sure, but hopefully this will force smartphone makers to add more physical security to our devices. Digital deterrents are all fine and dandy but we need to have more physical measures in place. I've read articles about smartphones being able to steal passwords via measuring the keystrokes from the smartphone's accelerometer.

The future will only open more rabbit holes.

Here is an earlier article I found related to the same topic -

Recovering a key is no five minute job and despite being four times easier than other methods the number of steps required to crack AES-128 is an 8 followed by 37 zeroes.

edit on 6-8-2015 by Tranceopticalinclined because: (no reason given)

posted on Aug, 6 2015 @ 01:24 PM
a reply to: Tranceopticalinclined


But I guess physical access becomes less and less important the more we use web/cloud based apps and even OSes. Mail, social media, banking, dating apps and the like all hold valuable information about us and are vulnerable no matter how tightly we secure our phones.

Still, it is good to know how easily AES encryption is broken should we lose our phones.

Great post, OP! :-)

posted on Aug, 6 2015 @ 03:06 PM
Seems like a lot of trouble to go through to crack a SIM card. If you really wanted to know what was going on with a phone wouldn't malware of some type be faster and easier?

posted on Aug, 6 2015 @ 03:12 PM
a reply to: sycomix

I agree. The encrypted data has to be accessed at some point by the user - I would tend to believe that it would be much simpler to wait until the user decrypts (so as to read the data) and catch the whole operation live.

edit on 6-8-2015 by swanne because: (no reason given)

posted on Aug, 6 2015 @ 03:30 PM
a reply to: swanne

In a SIM card the encryption is all done on the card itself; that little microchip is actually a full dedicated computer, RAM and everything!

posted on Aug, 6 2015 @ 03:34 PM
a reply to: Now_Then

Yes, but then the information still has to be read by the system once decrypted, does it not?

If a malware were to spy on the reader, the malware could discover everything the reader sees... Right?

edit on 6-8-2015 by swanne because: (no reason given)

posted on Feb, 27 2016 @ 02:48 AM
a reply to: swanne

AES-128 is widely used within ransomware viruses which encrypt victims' data and ask for a ransom for decryption. Today there are some cracks against it, example: and it seems to recover the code, including AES-128.

posted on Feb, 27 2016 @ 08:16 AM
I haven't trusted anything less than 256-bit encryption for many years. 128 bits hardly provides enough entropy in today's age of fast computers and GPU-powered crackers.
