Millions of SIM cards at risk of hijacking

July 23, 2013

    SIM Cards

    We’re used to hearing about the odd smartphone security flaw by now, but this latest one potentially leaves your SIM card at risk of being exploited, which could leave you footing the bill for a fraudster’s misdeeds.

    After three years of research, German cryptographer Karsten Nohl has found encryption and software flaws that could affect millions of SIM cards. His team tested nearly a thousand SIM cards, and found that a quarter of them could be exploited. However, given that encryption standards vary between countries, Nohl estimates that around an eighth of the world’s SIM cards could be vulnerable, which works out to about half a billion mobile devices.

    SIM cards that still rely on the old Data Encryption Standard (DES) for their over-the-air management commands can be exploited by an attacker sending the phone a command that looks like it comes from the carrier and asks the SIM for some data. The SIM rejects the request, because the attacker cannot sign it correctly, but on the affected cards the rejection is not silent: the error message it sends back is itself signed with the card's own 56-bit DES secret key.

    Because the content of that error message is predictable and a 56-bit key space is small by today's standards, the signature can be looked up in a precomputed "rainbow table"; it took Nohl's team only two minutes to recover a key this way. Once the attacker has the key they can send the SIM properly signed commands: send premium-rate text messages, redirect and record calls, carry out payment-system fraud, and even clone details stored on the SIM. Cards that use a stronger cipher (3DES or AES) for these commands, or that simply drop a badly signed command without replying, do not hand over the keyed material the lookup depends on.
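    To make the exchange above concrete, here is an added example (not code from the original article or from Nohl's team) that models both sides of it. It uses a toy HMAC-based checksum with a deliberately tiny 16-bit key space in place of DES, a plain dictionary in place of a true rainbow table, and a constructed placeholder error body and command; only the structure of the attack (predictable reply, keyed with a key small enough to precompute) is the real point.

```python
import hmac
import hashlib
import os
from typing import Optional

# Toy stand-in for the SIM's 56-bit DES checksum: HMAC-SHA256 truncated to
# 8 bytes under a deliberately tiny key space so the precomputation finishes
# in well under a second.  Real DES has a 2**56 key space; that is what the
# rainbow tables (and the two-minute lookup) were needed for.
KEY_BITS = 16
KEY_SPACE = 1 << KEY_BITS
MAC_LEN = 8

# Constructed placeholder for the OTA error body.  The property that matters
# is that the reply is predictable, so one precomputed table serves every
# card that answers with the same error text.
ERROR_BODY = b"OTA-ERR: signature verification failed"


def toy_mac(key: int, message: bytes) -> bytes:
    """Keyed checksum of `message` under the integer key `key` (toy, not DES)."""
    key_bytes = key.to_bytes((KEY_BITS + 7) // 8, "big")
    return hmac.new(key_bytes, message, hashlib.sha256).digest()[:MAC_LEN]


class SimCard:
    """Minimal model of a card's over-the-air command handler.

    signed_errors=True models the vulnerable behaviour: a badly signed
    command is rejected, but the rejection itself carries a checksum made
    with the card's key.  signed_errors=False models a card that rejects
    silently, giving the attacker no keyed material to look up.
    """

    def __init__(self, key: int, signed_errors: bool):
        self._key = key
        self.signed_errors = signed_errors
        self.executed = []  # commands the card actually carried out

    def handle_ota(self, command: bytes, signature: bytes) -> Optional[bytes]:
        expected = toy_mac(self._key, command)
        if hmac.compare_digest(expected, signature):
            self.executed.append(command)
            return b"OK"
        if self.signed_errors:
            # Vulnerable: known plaintext + checksum under the secret key.
            return ERROR_BODY + toy_mac(self._key, ERROR_BODY)
        return None  # silent reject


def build_table(error_body: bytes) -> dict:
    """Precompute checksum -> key for every key over the predictable error body.

    A real rainbow table trades memory for recomputation along hash chains;
    a plain dict is enough to show the idea at this key size.
    """
    return {toy_mac(k, error_body): k for k in range(KEY_SPACE)}


def recover_key(table: dict, response: Optional[bytes]) -> Optional[int]:
    """Split the card's reply into body || checksum and look the checksum up."""
    if response is None or len(response) <= MAC_LEN:
        return None
    body, mac = response[:-MAC_LEN], response[-MAC_LEN:]
    if body != ERROR_BODY:
        return None
    return table.get(mac)


def attack(card: SimCard, table: dict, payload: bytes) -> bool:
    """Full exchange: bad signature -> (signed) error -> key recovery -> forged command."""
    # Step 1: attacker sends the command with a garbage signature.
    response = card.handle_ota(payload, os.urandom(MAC_LEN))
    # Step 2: if the reply is keyed, the table gives up the card's key.
    key = recover_key(table, response)
    if key is None:
        return False
    # Step 3: resend the same payload with a valid signature; the card obeys.
    return card.handle_ota(payload, toy_mac(key, payload)) == b"OK"


if __name__ == "__main__":
    table = build_table(ERROR_BODY)
    payload = b"SEND-SMS premium-number"  # constructed placeholder command
    vulnerable = SimCard(key=0xBEEF, signed_errors=True)
    patched = SimCard(key=0xBEEF, signed_errors=False)
    print("vulnerable card compromised:", attack(vulnerable, table, payload))
    print("silent-reject card compromised:", attack(patched, table, payload))
```

    Note that the table is built once and reused against every card; the per-card cost is a single probe message and one lookup, which is why the attack scales to a whole population of cards rather than just the one in the lab. Raising KEY_BITS shows the only real defence at the cipher level: the table grows as 2^KEY_BITS, which is why 3DES or AES keys put it out of reach while 56-bit DES does not.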

    But don't worry too much: remember that it took three years of dedicated research for Nohl to discover this problem, so it is unlikely that anyone else is currently using the exploit. We'll keep you updated with any further developments; hopefully the carrier industry will address the problem soon.


    Comments

    • paxmos

      “attacker sending a command to your phone requesting some data”…How is this triggered?

      • MasterMuffin

        A fake carrier text message, according to the hacker Nohl.

        • lil bit

          Then I guess it's pretty much the same as MMS/WAP configuration settings received from the carrier, and those you have to approve before they are installed. Plus, there was talk about this exploit being able to send stuff to SMS services that cost money; I don't think that will be a big problem either, as in Android 4.2.2 there's a popup asking permission every time the phone tries to send an SMS to services that "may" cost money. And who uses such an old SIM in a smartphone anyway?

          • MasterMuffin

            Old? I believe this works on new SIM cards too (correct me if I’m wrong).

            And to your guessing part, here's what the article says: "Vulnerable Digital Encryption Standard SIM cards can be exploited by an attacker sending a command to your phone requesting some data. However, at first the SIM rejects the request as the attacker doesn't have the correct encryption, but sends back an error code carrying its own encrypted 56-bit private key." So I don't think it goes like you said.

            • NexusKoolaid

              As I understand it, this exploit works only on SIM cards that use the DES-56 encryption. Newer SIM cards are supposed to be using a different type of encryption.

            • MasterMuffin

              How new exactly?

            • lorin

              Damn. My SIM card dates back to 2005. It must be vulnerable to this exploit... :(

    • Dan

      It’s one thing to discover the problem in three years, exploits are easier to implement since Nohl already did the heavy lifting. Remember that hackers can figure out the actual vulnerabilities from vague descriptions of a security hole.

      Indeed, whenever a vendor announces a patch (say MS or Adobe), blackhatters would reverse engineer it and figure it out pretty quickly, and exploit it even before the patch spreads throughout the userbase.

      The hackers are already trying to figure out the SIM vulnerability and how to exploit it, and I have no doubt that it will be discovered before Nohl’s revelation in August. I hope that it would cause just enough disruption to force cheap telcos to use 3DES. My telco isn’t telling me what cipher they are using. Security through obscurity, I guess. It will never work.
