SIM sleuth finds security flaw that may affect 750M phones

Jul 22, 2013 by Nancy Owano report
SIM sleuth finds security flaw that may affect 750M phones

Yet another path to smartphone break-ins and fraud? Trouble-seeking cryptographer and security researcher Karsten Nohl, the managing director of Security Research Labs, based in Berlin, Germany, has revealed that some mobile SIM cards can be compromised as they carry encryption and software flaws. How massive is the potential damage? We are talking about a vulnerability that could affect 750 million phones. Nohl's company has an ominous front page with a note showing handwriting, "Forever yours, Sim." The elegant note was below a headline, "SIM cards are prone to remote hacking." Nohl can back that up. He and his team tested close to 1,000 SIM cards for vulnerabilities, exploited by sending a hidden SMS.

This is not yet another phone malware story. SIM is in a class of its own. SIMs are thought to be one of the most secure parts of a phone With over seven billion cards in active use, SIM cards, as the Labs site puts it, are "the de facto trust anchor of worldwide."

The cards are designed to protect subscribers' mobile identity, associate devices with phone numbers, and, in phones that are NFC-enabled with mobile wallets, may store payment credentials. So what did Nohl discover? First, there was the discovery of problems in cards using older DES, which stands for Data Encryption Standard, intended to maintain security. DES was first developed by IBM in the 1970s. Although a number of manufacturers phased out the older DES for stronger DES methods, other manufacturers did not move on from the older standard DES. A number of successful attacks were on SIM cards using the older DES.

Nohl said broken Java sandboxing is another shortcoming, where some of the implementations were found to be insecure. According to Security Research Labs, "A Java applet can break out of its realm and access the rest of the card. This allows for remote cloning of possibly millions of SIM cards including their mobile identity (IMSI, Ki) as well as payment credentials stored on the card."

Nohl was able to crack the card's encryption key and download a virus onto the SIM card. So if there were a criminal out there to do the same, what's the worst that could happen? The worst mirrors what fearful phone owners imagine. An attacker could control the phone, adding to the victim's bills and credit headaches with sent messages and payment system fraud.

Nohl will reveal more details about his "Rooting SIM Cards" research at the Black Hat conference later this month and he will also talk about "SIM card exploitation" at the OHM (Observe, Hack, Make) hacker camp, an international technology and security conference in the Netherlands, on August 3.

In the talk notes for Black Hat, Nohl wrote: "The protection pretense of SIM cards is based on the understanding that they have never been exploited. This talk ends this myth of unbreakable SIM cards and illustrates that the cards—like any other computing system—are plagued by implementation and configuration bugs." Two carriers are working on finding a patch for the SIM vulnerability, which they will share with other operators through the wireless association GSMA. The GSMA represents the interests of mobile operators worldwide. The history of GSMA goes back to 1982 when it was first the Groupe Speciale Mobile (GSM), formed to design a pan-European technology.

Meanwhile, Security Research Labs has a number of recommendations for how to mitigate the risk of remote SIM exploitation. One of those recommendations is "better SIM cards." They need to use "state-of-art cryptography with sufficiently long keys, should not disclose signed plaintexts to attackers, and must implement secure Java virtual machines. While some cards already come close to this objective, the years needed to replace vulnerable legacy cards warrant supplementary defenses."

Explore further: Hand out money with my mobile? I think I'm ready

More information:

Related Stories

Japan considers end to cellphone 'SIM lock'

Mar 29, 2010

Japan is moving towards ending restrictions on mobile telephone users switching operators or using an overseas network by changing the SIM memory card, a government official said Monday.

French police dismantle mobile phone hacking ring

Sep 27, 2010

French police have busted a network of mobile phone hackers, a fraud worth millions of euros, and arrested nine people, including employees of cellular phone companies, investigators said Sunday.

Companies struggle to popularize mobile money

Mar 01, 2013

Mobile money may seem like a hot concept, but consumers aren't warming to it. At the world's largest cellphone trade show, here in Barcelona this week, the 70,000 attendees are encouraged to use their cellphones ...

GSM system about to be compromised

Dec 08, 2009

( -- Research scientists in California and elsewhere are deliberately setting out to compromise the mobile phone system used by around three billion people. The system uses Global System for Mobile ...

Recommended for you

Hand out money with my mobile? I think I'm ready

Apr 17, 2014

A service is soon to launch in the UK that will enable us to transfer money to other people using just their name and mobile number. Paym is being hailed as a revolution in banking because you can pay peopl ...

Quantenna promises 10-gigabit Wi-Fi by next year

Apr 16, 2014

( —Quantenna Communications has announced that it has plans for releasing a chipset that will be capable of delivering 10Gbps WiFi to/from routers, bridges and computers by sometime next year. ...

Tech giants look to skies to spread Internet

Apr 16, 2014

The shortest path to the Internet for some remote corners of the world may be through the skies. That is the message from US tech giants seeking to spread the online gospel to hard-to-reach regions.

Wireless industry makes anti-theft commitment

Apr 16, 2014

A trade group for wireless providers said Tuesday that the biggest mobile device manufacturers and carriers will soon put anti-theft tools on the gadgets to try to deter rampant smartphone theft.

Dish Network denies wrongdoing in $2M settlement

Apr 15, 2014

The state attorney general's office says Dish Network Corp. will reimburse Washington state customers about $2 million for what it calls a deceptive surcharge, but the satellite TV provider denies any wrongdoing.

Netflix's Comcast deal improves quality of video

Apr 14, 2014

Netflix's videos are streaming through Comcast's Internet service at their highest speeds in the past 17 months now that Netflix is paying for a more direct connection to Comcast's network.

User comments : 3

Adjust slider to filter visible comments by rank

Display comments: newest first

not rated yet Jul 22, 2013
The future never looked more bright nor more bleak
1 / 5 (4) Jul 22, 2013
This is no surprise. Every system has overlooked flaws. The modern key and lock have been around for over one hundred years and it wasn't until the last decade or so that someone figured out the bump-key technique of picking locks.
2 / 5 (1) Jul 22, 2013
I'm not sure these are all flaws. At least some of them could represent soft back doors, created by willful neglect or by design. How else can one - for example - explain the use of DES.

More news stories

Under some LED bulbs whites aren't 'whiter than white'

For years, companies have been adding whiteners to laundry detergent, paints, plastics, paper and fabrics to make whites look "whiter than white," but now, with a switch away from incandescent and fluorescent lighting, different ...

Hackathon team's GoogolPlex gives Siri extra powers

( —Four freshmen at the University of Pennsylvania have taken Apple's personal assistant Siri to behave as a graduate-level executive assistant which, when asked, is capable of adjusting the temperature ...

Researchers uncover likely creator of Bitcoin

The primary author of the celebrated Bitcoin paper, and therefore probable creator of Bitcoin, is most likely Nick Szabo, a blogger and former George Washington University law professor, according to students ...

Continents may be a key feature of Super-Earths

Huge Earth-like planets that have both continents and oceans may be better at harboring extraterrestrial life than those that are water-only worlds. A new study gives hope for the possibility that many super-Earth ...

Researchers successfully clone adult human stem cells

( —An international team of researchers, led by Robert Lanza, of Advanced Cell Technology, has announced that they have performed the first successful cloning of adult human skin cells into stem ...