
Earlier today, computer security expert Karsten Nohl revealed that millions of cell phone users could be at risk due to a vulnerability in their SIM cards.  A malicious user can send a special message to the SIM card and take control of your phone.

Whenever a company releases a SIM card update, it does so using a binary SMS message. Unlike the regular SMS messages that texters are familiar with, a binary SMS message is sent directly from the company to the SIM card. "It's used a lot in manufacturing functions," Nohl told ABC News.

Hackers first send out a binary SMS to the phone they are attacking. They receive an error message from the phone, but that error message is digitally signed with a cryptographic signature. The hacker can reverse engineer the signature to reveal a key, which can then be exploited to send their own text messages, change the phone's voicemail number, or install their own apps on that phone. "All in all, the process takes about three minutes," said Nohl.

Nohl posted his preliminary findings here, and is also due to speak on them at the Black Hat USA conference later this month. He told the BBC that many of the vulnerable SIM cards are based on a 1970s technology called Digital Encryption Standard. A malicious user on a regular computer can crack DES within two minutes. They can then send texts to premium rate numbers and download their own apps to your phone. Even worse, they can also listen in on your voicemail, change your voicemail number, and track your location. How sneaky is this? If the hacker is smart about it and neither downloads apps nor changes the voicemail number, a hacked user doesn't even know anything is wrong until he or she gets the next cell phone bill.

According to Nohl, roughly one-eighth of the world's SIM cards--as many as 700 million phones--are susceptible to this vulnerability.  AT&T and T-Mobile say that so far, none of their customers are among them.  So far, anyway.
