SIM sleuth finds security flaw that may affect 750M phones

July 22, 2013 by Nancy Owano

Yet another path to smartphone break-ins and fraud? Trouble-seeking cryptographer and security researcher Karsten Nohl, the managing director of Security Research Labs, based in Berlin, Germany, has revealed that some mobile SIM cards can be compromised because they carry encryption and software flaws. How massive is the potential damage? We are talking about a vulnerability that could affect 750 million phones. Nohl's company has an ominous front page with a note showing handwriting, "Forever yours, Sim." The elegant note sits below a headline, "SIM cards are prone to remote hacking." Nohl can back that up. He and his team tested close to 1,000 SIM cards for vulnerabilities that can be exploited by sending a hidden SMS.

This is not yet another phone malware story. SIM is in a class of its own. SIMs are thought to be one of the most secure parts of a phone. With over seven billion cards in active use, SIM cards are, as the Labs site puts it, the "de facto trust anchor" worldwide.

The cards are designed to protect subscribers' mobile identity, associate devices with phone numbers, and, in NFC-enabled phones with mobile wallets, may store payment credentials. So what did Nohl discover? First, he found problems in cards that still rely on the older DES, which stands for Data Encryption Standard, to secure the card. DES was first developed by IBM in the 1970s. Although a number of manufacturers phased out the older DES for stronger variants, other manufacturers did not move on from the older standard. A number of the successful attacks were on SIM cards using the older DES.

Nohl said broken Java sandboxing is another shortcoming, where some of the implementations were found to be insecure. According to Security Research Labs, "A Java applet can break out of its realm and access the rest of the card. This allows for remote cloning of possibly millions of SIM cards including their mobile identity (IMSI, Ki) as well as payment credentials stored on the card."

Nohl was able to crack the card's encryption key and download a virus onto the SIM card. So if there were a criminal out there to do the same, what's the worst that could happen? The worst mirrors what fearful phone owners imagine. An attacker could take control of the phone, running up the victim's bill and creating credit headaches through sent messages and payment-system fraud.

Nohl will reveal more details about his "Rooting SIM Cards" research at the Black Hat conference later this month and he will also talk about "SIM card exploitation" at the OHM (Observe, Hack, Make) hacker camp, an international technology and security conference in the Netherlands, on August 3.

In the talk notes for Black Hat, Nohl wrote: "The protection pretense of SIM cards is based on the understanding that they have never been exploited. This talk ends this myth of unbreakable SIM cards and illustrates that the cards—like any other computing system—are plagued by implementation and configuration bugs." Two carriers are working on finding a patch for the SIM vulnerability, which they will share with other operators through the wireless association GSMA. The GSMA represents the interests of mobile operators worldwide. The history of GSMA goes back to 1982 when it was first the Groupe Speciale Mobile (GSM), formed to design a pan-European technology.

Meanwhile, Security Research Labs has a number of recommendations for how to mitigate the risk of remote SIM exploitation. One of those recommendations is "better SIM cards." They need to use "state-of-art cryptography with sufficiently long keys, should not disclose signed plaintexts to attackers, and must implement secure Java virtual machines. While some cards already come close to this objective, the years needed to replace vulnerable legacy cards warrant supplementary defenses."
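The two findings above (a short key and a card that answers unauthenticated messages with signed material) and the two matching recommendations (longer keys, no disclosed signed plaintexts) can be put side by side in a small model. The following Python is an added illustration, not Security Research Labs' code or a model of any real card: it uses a deliberately tiny 16-bit key and HMAC-SHA256 as a stand-in for the card's DES-based message authentication so that the exhaustive key search finishes instantly, and the `SimCard`, `leak_signed_errors` and `work_factor_seconds` names are assumptions of the example. The point it shows is that the same key survives against the card that refuses to sign its error replies, and that the work factor for the real key sizes grows by many orders of magnitude.

```python
import hashlib
import hmac
import secrets

# Constructed model parameters: a 16-bit key is absurdly small on purpose so the
# offline search below completes in well under a second. Real cards in the
# article used 56-bit DES; the recommendation is for longer keys.
KEY_BITS = 16


def make_key(bits=KEY_BITS):
    """Generate a random card key of the given bit length (assumed helper)."""
    return secrets.randbits(bits).to_bytes((bits + 7) // 8, "big")


def mac(key, msg):
    """Stand-in for the card's DES-based MAC: truncated HMAC-SHA256."""
    return hmac.new(key, msg, hashlib.sha256).digest()[:8]


class SimCard:
    """Toy card holding one symmetric key and answering MAC-protected commands."""

    def __init__(self, key, leak_signed_errors):
        self.key = key
        # True models the weak behaviour described in the article: the card
        # signs its error reply with its own key, handing out a known
        # plaintext/MAC pair. False models the hardened recommendation.
        self.leak_signed_errors = leak_signed_errors

    def handle(self, msg, tag):
        """Process a command. Returns (status, reply_mac or None)."""
        if hmac.compare_digest(tag, mac(self.key, msg)):
            return ("ok", mac(self.key, b"ACK:" + msg))
        if self.leak_signed_errors:
            return ("error", mac(self.key, b"ERR:" + msg))
        # Hardened card: an unauthenticated message gets no signed material.
        return ("error", None)


def offline_key_search(known_plaintext, observed_mac, bits=KEY_BITS):
    """Exhaustive search of the toy key space for a known plaintext/MAC pair."""
    nbytes = (bits + 7) // 8
    for candidate in range(1 << bits):
        k = candidate.to_bytes(nbytes, "big")
        if mac(k, known_plaintext) == observed_mac:
            return k
    return None


def recovered_key(card):
    """Send one unauthenticated probe and try to recover the key offline.

    Returns the recovered key, or None when the card gave nothing to search on.
    """
    probe = b"PROBE"
    _status, reply_mac = card.handle(probe, b"\x00" * 8)
    if reply_mac is None:
        return None
    return offline_key_search(b"ERR:" + probe, reply_mac)


def work_factor_seconds(key_bits, guesses_per_second):
    """Worst-case time for an exhaustive search of a key_bits-bit key."""
    return (2 ** key_bits) / guesses_per_second


if __name__ == "__main__":
    key = make_key()
    leaky = SimCard(key, leak_signed_errors=True)
    hardened = SimCard(key, leak_signed_errors=False)
    print("leaky card key recovered:", recovered_key(leaky) == key)
    print("hardened card key recovered:", recovered_key(hardened) is not None)
    # Assumed throughput of 1e9 guesses/s, purely to compare key sizes.
    for bits in (56, 112, 168):
        print(f"{bits}-bit key, worst case: {work_factor_seconds(bits, 1e9):.3e} s")
```

Running it shows the leaky card giving up its key after a single probe while the hardened card, holding the very same key, reveals nothing; the work-factor lines make the "sufficiently long keys" recommendation concrete by contrasting 56-bit search time with 112- and 168-bit search time at the same guess rate.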


not rated yet Jul 22, 2013
The future never looked more bright nor more bleak
1 / 5 (5) Jul 22, 2013
This is no surprise. Every system has overlooked flaws. The modern key and lock have been around for over one hundred years and it wasn't until the last decade or so that someone figured out the bump-key technique of picking locks.
1.5 / 5 (2) Jul 22, 2013
I'm not sure these are all flaws. At least some of them could represent soft back doors, created by willful neglect or by design. How else can one, for example, explain the use of DES?
