[ISN] SMS pwnage on MEELLIONS of flawed SIM cards, popular 4G modems

http://www.theregister.co.uk/2014/11/19/sms_pwnage_on_meellions_of_flawed_sim_cards_popular_4g_modems By Darren Pauli The Register 19 Nov 2014 A Russian research team has found vulnerabilities in millions of the world’s SIM cards, and separate flaws in common 4G modem platforms. Together, the bugs could allow attackers to send crafted SMS text messages to gain access to critical systems and install malware on connected computers. In one dramatic and hypothetical example, the research team of six from outfit SCADA StrangeLove showed how track switching mechanisms in the European Rail Traffic Management System could be altered by remote attackers targeting computers and devices on trains and tracks. They found what fellow SRlabs researcher Karsten Nohl estimated was ‘millions’ of the world’s SIM cards that could be impersonated by attackers who captured the users’ Temporary International Mobile Subscriber Identity and decryption key (Kc), numbers that were designed to stop eavesdropping between devices and phone towers. It built on Nohl’s research last year that revealed SIM flaws could allow attackers to intercept calls and target wireless NFC applications like contactless payments through crafted text messages. […]