SIM Card Hack A Wakeup Call

Crack of mobile SIM card crypto and virtual machine features could let an attacker target and clone a phone

A researcher has discovered major flaws in some SIM cards that could pave the way for more targeted attacks against mobile device users.


Famed encryption researcher Karsten Nohl of Security Research Labs will show at Black Hat USA next week how he was able to hack some SIM cards in mobile phones by cracking the Data Encryption Standard (DES) keys used for over-the-air updates. The vulnerability in the DES authentication, as well as another flaw Nohl found in the cards' virtual machine or sandbox feature, could affect millions of SIM cards.

SIM cards match devices with their phone numbers, for example, and are also being gradually used for storing payment credentials for near-field communications transactions. Software updates occur via encrypted SMS messages sent to the SIM, but Nohl was able to crack the older-technology DES keys still being used in some SIM cards via a rainbow table method after sending a binary SMS to a targeted mobile device.

"The SIM does not execute the improperly signed OTA command, but does in many cases respond to the attacker with an error code carrying a cryptographic signature, once again sent over binary SMS," according to Security Research Labs' description of the hack. "A rainbow table resolves this plaintext-signature tuple to a 56-bit DES key within two minutes on a standard computer."

That allows an attacker to sign an SMS binary message and send a Java applet to the card. "Applets are allowed to send SMS, change voicemail numbers, and query the phone location, among many other predefined functions. These capabilities alone provide plenty of potential for abuse," according to the research.

Nohl also broke the Java sandbox, or virtual machine, security of two major SIM card vendors, which is meant to confine each Java applet to its own area of the card. He was able to break Java applets out of their sandboxes and gain access to other parts of the SIM card. "This allows for remote cloning of possibly millions of SIM cards including their mobile identity (IMSI, Ki) as well as payment credentials stored on the card," he said in his post.

But hold the phone, security experts say: While the findings are significant, this is a fairly sophisticated hack that affects only 10 to 20 percent of SIM cards in use today, says Marc Rogers, principal security researcher for mobile security firm Lookout Security. "It's definitely not in the wild yet ... and it's a very complex hack. I wouldn't get too panicked about it," Rogers says. "Newer versions of SIM cards don't use DES and are not vulnerable" to this hack, he says.

It's not the first time SIM cards have been hacked. Older crypto algorithms were cracked in SIM cards more than a decade ago. "It's novel in that [Nohl] has been able to break crypto in more recent [cards]," says Don A. Bailey, CEO at Capitol Hill Consultants LLC. "It's not a new method, but it's absolutely an exciting hack ... It's extremely important because it affects so many people around the world, and it will for quite some time."

It allows the attacker to assume the victim's mobile identity on the network, he says. "I can clone your card, and then I'm receiving your calls and text messages," Bailey says. Ultimately, the mobile carrier should be able to detect when a mobile user's account shows up in duplicate on the network, he says.

The Java Card hack was a logical next step to the DES encryption crack, security experts say. "Once you have crypto authentication to upload data to the card, it's highly likely you're going to be able to subvert the security of that card," Bailey says. "Most of the security controls are at the crypto point of entry."

[At Black Hat USA, a team of mobile-security researchers plans to show off ways to circumvent the security of encrypted containers meant to protect data on mobile devices. See Researchers To Highlight Weaknesses In Secure Mobile Data Stores.]

Most flaws and attacks on mobile devices to date have been app-level and opportunistic, so Nohl's attack demonstrates how more targeted mobile attacks could be executed, experts say.

"They pushed the risk and exploitation further down the stack" in mobile, says Tyler Shields, a senior analyst with Forrester Research. "I've been talking about how app security is the easiest entry point, but this is pushing it all the way down to the hardware ... This feels like it's more weaponizable and operational," Shields says.

The GSMA, which represents mobile operators, said in a statement that based on the information provided thus far by Nohl, the hack appears to affect a "minority" of SIM cards. "There is no evidence to suggest that today's more secure SIMs, which are used to support a range of advanced services, will be affected. The mobile industry and its users benefit from the high security standard provided by SIM cards. The SIM has proved to be a secure method to authenticate users and enable the portability of services between devices from the inception of GSM technology," the statement said.

"The GSMA welcomes positive research which may identify and pinpoint implementation issues that can be fixed and result in enhanced security levels and ongoing user confidence in SIM secured services. The GSMA takes the security of SIM Cards very seriously and has Working Groups that follow these developments. We continue to work with our mobile operator members and the SIM providers to minimise any potential risks," the GSMA said.

Adrian Stone, director of BlackBerry Security Response and Threat Analysis, says the GSMA last year adopted recommendations from BlackBerry for beefing up standards for securing SIM cards. "BlackBerry works closely with the research community to identify and address security issues, and as part of a researcher collaboration last year, BlackBerry led the charge to update industry SIM card standards in order to help ensure customers across the industry are protected from this type of attack. The GSMA adopted BlackBerry's recommendations, which will help protect every device that uses a SIM, including mobile devices, cars, credit card machines and others," he says.

Security Research Labs, meanwhile, recommends that SIM cards deploy the latest cryptography and secure Java VMs, SMS firewalls, and SMS filtering by carriers.
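The carrier-side SMS filtering recommended here, applied to the signed-error-response mechanism described earlier in the article, can be sketched as a small firewall check. This is an added example, not code from Security Research Labs or the article; the GSM 03.48 command-packet layout and bit positions it decodes, and the trusted OTA sender address, are assumptions of the example.

```python
# Carrier-side SMS firewall check for binary OTA messages (added example).
# Assumed GSM 03.48 / ETSI TS 102 225 layout: a command packet starts with
# CPL(2) CHL(1) SPI(2) KIc(1) KID(1) TAR(3) CNTR(5) PCNTR(1) before the MAC.
OTA_PID = 0x7F         # TP-PID "SIM data download"
OTA_DCS_CLASS2 = 0xF6  # TP-DCS: 8-bit data, message class 2 (handed to the SIM)

# Constructed: the only originating address the operator's OTA platform uses.
TRUSTED_OTA_SENDERS = {"+15550001000"}


def parse_command_packet(ud: bytes) -> dict:
    """Decode the security header fields the attack depends on."""
    if len(ud) < 10:
        raise ValueError("truncated command packet")
    spi1, spi2, kid = ud[3], ud[4], ud[6]
    alg = kid & 0x03            # KID b2b1: 01 = DES family
    mode = (kid >> 2) & 0x03    # KID b4b3: 00 = single DES CBC, 11 = single DES ECB
    return {
        "cmd_signed": (spi1 & 0x03) != 0,          # SPI1 b2b1: RC/CC/DS on command
        "por_mode": spi2 & 0x03,                   # SPI2 b2b1: 01 always, 10 on error only
        "por_signed": ((spi2 >> 2) & 0x03) != 0,   # SPI2 b4b3: RC/CC/DS on the PoR
        "single_des": alg == 0x01 and mode in (0x00, 0x03),
        "tar": ud[7:10].hex(),
    }


def firewall_verdict(sender: str, pid: int, dcs: int, ud: bytes) -> str:
    """Return 'pass', 'alert:<reason>' or 'drop:<reason>' for one inbound SMS."""
    if pid != OTA_PID and dcs != OTA_DCS_CLASS2:
        return "pass"                                # ordinary text message
    if sender not in TRUSTED_OTA_SENDERS:
        # The article's attack needs exactly this: an OTA command from an
        # arbitrary sender whose signed error PoR reveals a DES-keyed MAC.
        return "drop:ota-from-untrusted-sender"
    hdr = parse_command_packet(ud)
    if hdr["por_signed"] and hdr["single_des"]:
        return "alert:signed-por-under-single-des"  # legacy 56-bit key still in use
    return "pass"


# Constructed sample: SPI2 = 0x0A (PoR on error only, PoR carries a CC),
# KID = 0x11 (single DES CBC, key set 1), TAR = B00010.
SAMPLE_OTA = bytes.fromhex("00 15 0D 02 0A 11 11 B0 00 10 00 00 00 00 01 00")


def demo() -> list:
    return [
        firewall_verdict("+15551234567", 0x00, 0x00, b"hello"),
        firewall_verdict("+15551234567", OTA_PID, OTA_DCS_CLASS2, SAMPLE_OTA),
        firewall_verdict("+15550001000", OTA_PID, OTA_DCS_CLASS2, SAMPLE_OTA),
    ]
```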

Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ...

7/26/2013 | 6:40:56 AM
re: SIM Card Hack A Wakeup Call
Great topic, as we've said before with millions of mobile apps available across the Apple, Android, Blackberry and Windows marketplaces, one of the most critical areas to pay attention to is security. Fundamentally, all software, not just mobile applications, should follow some type of process, like the SDLC, to ensure that security is built into all phases of the development lifecycle. However, what we've seen with mobile applications is "SMiShing," which is phishing conducted via SMS (text), here's an article talking about this: http://blog.securityinnovation...
7/23/2013 | 7:00:12 AM
re: SIM Card Hack A Wakeup Call
Very interesting research.

Particularly because more and more Multi-Factor-Authentication (MFA) solutions use a mobile phone as a 2nd factor. When you zoom in on these solutions, some are in fact using the mobile device, but most of them are based on sending/receiving of SMS text messages. If a fraudster is using this hack, MFA is effectively not adding security and identity theft goes beyond reading my text-messages.

One of the questions for me is: how does a user know if his SIM is in the vulnerable category (10-20%) or has a safer technology?