In February 2015, Edward Snowden revealed that the NSA and GCHQ had breached one of the world's largest SIM card manufacturers in order to clone cards and break the encryption. But a presentation at Black Hat shows that not all of this was really needed.
Yu Yu ("yes, that is my real name," the researcher joked) is a research professor at Shanghai Jiao Tong University. He has spent the last few years trying to learn how to break the encryption on 3G and 4G cards.
These cards use AES-128, an encryption algorithm that is supposed to be impenetrable to brute-force attacks. As it turns out, however, it is easy to break using side-channel analysis.
Side-channel attacks measure and analyze data such as energy consumption, electromagnetic emissions, and heat production. By analyzing this data, the researcher can learn exactly what is happening on a chip.
The technique has been around for years, and it requires physical access to the target machine.
Yu and his team used an oscilloscope to monitor power levels, an MP300-SC2 protocol analyzer to monitor data traffic, a self-built SIM card reader, and a standard PC to correlate the results.
With the above they managed to break eight commercial SIM cards in 80 minutes.
The system could not, of course, read the encryption key directly from the cards. Instead, the research team isolated 256 sections of the key and matched them to the behaviour the SIM card displayed while operating.
This, of course, requires calculation and a little luck. But once the system was fine-tuned, it became much easier to break the encryption keys and clone the card.
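The matching step described above, as an added simulation that is not from Yu's presentation or from the article: each of the 256 possible values of one AES key byte is scored by how well its predicted power draw correlates with the measured samples. The traces are constructed (Hamming-weight leakage plus Gaussian noise are assumptions), and the `masked` flag adds a random-mask countermeasure, also not from the article, to show the correlation disappearing.

```python
import random

def aes_sbox():
    """Build the AES S-box (field inverse followed by the affine map)."""
    rotl = lambda x, s: ((x << s) | (x >> (8 - s))) & 0xFF
    box, p, q = [0] * 256, 1, 1
    while True:
        p = (p ^ (p << 1) ^ (0x1B if p & 0x80 else 0)) & 0xFF   # p *= 3
        q ^= q << 1; q ^= q << 2; q ^= q << 4; q &= 0xFF        # q /= 3
        if q & 0x80:
            q ^= 0x09
        box[p] = q ^ rotl(q, 1) ^ rotl(q, 2) ^ rotl(q, 3) ^ rotl(q, 4) ^ 0x63
        if p == 1:
            break
    box[0] = 0x63
    return box

SBOX = aes_sbox()
HW = [bin(v).count("1") for v in range(256)]   # Hamming weight of each byte

def simulate(key_byte, n, masked, rng):
    """Constructed traces: one power sample per run = HW(S-box output) + noise."""
    inputs = [rng.randrange(256) for _ in range(n)]
    power = []
    for x in inputs:
        v = SBOX[x ^ key_byte]
        if masked:
            v ^= rng.randrange(256)   # fresh random mask hides the real value
        power.append(HW[v] + rng.gauss(0, 1.0))
    return inputs, power

def pearson(a, b):
    n = len(a)
    ma, mb = sum(a) / n, sum(b) / n
    cov = sum((x - ma) * (y - mb) for x, y in zip(a, b))
    va = sum((x - ma) ** 2 for x in a)
    vb = sum((y - mb) ** 2 for y in b)
    return cov / (va * vb) ** 0.5

def rank_candidates(inputs, power):
    """Score all 256 candidate key bytes; return (best candidate, its |correlation|)."""
    scores = [abs(pearson([HW[SBOX[x ^ k]] for x in inputs], power)) for k in range(256)]
    best = max(range(256), key=scores.__getitem__)
    return best, scores[best]

def assess(masked, key_byte=0x3C, n=1000, seed=2015):
    """Leakage check on constructed traces for one (hypothetical) key byte."""
    return rank_candidates(*simulate(key_byte, n, masked, random.Random(seed)))

if __name__ == "__main__":
    print("unmasked:", assess(False))
    print("masked:  ", assess(True))
```

Without the mask the correct byte stands out with a high correlation; with it, every candidate scores near zero and the top-ranked one is arbitrary.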
Yu has proved that cloned SIM cards can successfully imitate authentic ones. He also showed how a cloned card could be used to change the password of the Alipay service (one of China's largest third-party payment systems) and eventually empty the account.
The hack demonstrated the need for more security for mobile phone users, Yu said.
Given the speed and ease of the attack, intelligence services will be very interested in Yu's technique.