Famed encryption researcher Karsten Nohl of Security Research Labs will show at Black Hat USA next week how he was able to hack some SIM cards in mobile phones by cracking the Data Encryption Standard (DES) keys used for over-the-air updates. The vulnerability in the DES authentication, as well as another flaw Nohl found in the cards' virtual machine or sandbox feature, could affect millions of SIM cards.
SIM cards match devices with their phone numbers, for example, and are also gradually being used to store payment credentials for near-field communications transactions. Software updates occur via encrypted SMS messages sent to the SIM, but Nohl was able to crack the older-technology DES keys still used in some SIM cards via a rainbow table method after sending a binary SMS to a targeted mobile device.
"The SIM does not execute the improperly signed OTA command, but does in many cases respond to the attacker with an error code carrying a cryptographic signature, once again sent over binary SMS," according to Security Research Labs' description of the hack. "A rainbow table resolves this plaintext-signature tuple to a 56-bit DES key within two minutes on a standard computer."
That allows an attacker to sign an SMS binary message and send a Java applet to the card. "Applets are allowed to send SMS, change voicemail numbers, and query the phone location, among many other predefined functions. These capabilities alone provide plenty of potential for abuse," according to the research.
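To make the response-policy point concrete, here is an added toy model (not code from the article or from Security Research Labs): HMAC-SHA256 stands in for the card's DES signature, a single shared OTA key is assumed to sign both commands and replies, and the only behaviour modelled is whether a card answers an improperly signed command with a signed error, handing the sender a known plaintext/signature pair, or stays silent.

```python
import hashlib
import hmac
from dataclasses import dataclass

ERR_BAD_SIGNATURE = b"\x01"  # constructed error code, not a real OTA status byte


@dataclass
class SimCard:
    """Toy SIM OTA handler; one shared key signs both commands and replies (assumption)."""
    key: bytes
    signed_error_replies: bool  # True models the weak behaviour the article describes

    def _sign(self, data: bytes) -> bytes:
        # HMAC-SHA256 stands in for the card's DES signature; the response
        # policy, not the primitive, is what this model is about.
        return hmac.new(self.key, data, hashlib.sha256).digest()[:8]

    def receive_ota(self, command: bytes, signature: bytes):
        """Return the binary-SMS reply the card sends back, or None for silence."""
        if hmac.compare_digest(self._sign(command), signature):
            body = b"\x00" + command[:2]          # success: signed proof of receipt
            return body + self._sign(body)
        if self.signed_error_replies:
            # Weak: the error is signed with the OTA key, so an unauthenticated
            # sender walks away with a known (plaintext, signature) pair.
            body = ERR_BAD_SIGNATURE + command[:2]
            return body + self._sign(body)
        return None  # hardened: unauthenticated senders receive nothing signed


def probe(card: SimCard, attempts: int) -> int:
    """Count signed replies earned by commands carrying a bogus signature."""
    pairs = 0
    for i in range(attempts):
        cmd = b"\xA0" + i.to_bytes(2, "big")      # constructed command bytes
        reply = card.receive_ota(cmd, bytes(8))   # sender does not hold the key
        if reply is not None:
            pairs += 1  # every reply is a plaintext/signature pair
    return pairs


def key_policy_ok(key: bytes) -> bool:
    """Deployment check: single-DES keys (8 bytes, 56 effective bits) fail."""
    return len(key) >= 16
```

Run with the weak policy, `probe` returns one leaked pair per forged message; with the hardened policy it returns zero while correctly signed commands are still acknowledged.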
Nohl also hacked two major SIM card vendors' Java sandbox, or virtual machine, security, which was built to ensure that Java applets operate in their own isolated sectors. He was able to break Java applets out of their sandboxes and gain access to other parts of the SIM card. "This allows for remote cloning of possibly millions of SIM cards including their mobile identity (IMSI, Ki) as well as payment credentials stored on the card," he said in his post.
But hold the phone, security experts say: While the findings are significant, this is a fairly sophisticated hack that affects only 10 to 20 percent of SIM cards in use today, says Marc Rogers, principal security researcher for mobile security firm Lookout Security. "It's definitely not in the wild yet ... and it's a very complex hack. I wouldn't get too panicked about it," Rogers says. "Newer versions of SIM cards don't use DES and are not vulnerable" to this hack, he says.
It's not the first time SIM cards have been hacked. Older crypto algorithms were cracked in SIM cards more than a decade ago. "It's novel in that [Nohl] has been able to break crypto in more recent [cards]," says Don A. Bailey, CEO at Capitol Hill Consultants LLC. "It's not a new method, but it's absolutely an exciting hack ... It's extremely important because it affects so many people around the world, and it will for quite some time."
It allows the attacker to assume the victim's mobile identity on the network, he says. "I can clone your card, and then I'm receiving your calls and text messages," Bailey says. Ultimately, the mobile carrier should be able to detect when a mobile user's account shows up in duplicate on the network, he says.
The Java Card hack was a logical next step to the DES encryption crack, security experts say. "Once you have crypto authentication to upload data to the card, it's highly likely you're going to be able to subvert the security of that card," Bailey says. "Most of the security controls are at the crypto point of entry."
Most flaws and attacks on mobile devices to date have been app-level and opportunistic, so Nohl's attack demonstrates how more targeted mobile attacks could be executed, experts say.
"They pushed the risk and exploitation further down the stack" in mobile, says Tyler Shields, a senior analyst with Forrester Research. "I've been talking about how app security is the easiest entry point, but this is pushing it all the way down to the hardware ... This feels like it's more weaponizable and operational," Shields says.
The GSMA, which represents mobile operators, said in a statement that based on the information provided thus far by Nohl, the hack appears to affect a "minority" of SIM cards. "There is no evidence to suggest that today's more secure SIMs, which are used to support a range of advanced services, will be affected. The mobile industry and its users benefit from the high security standard provided by SIM cards. The SIM has proved to be a secure method to authenticate users and enable the portability of services between devices from the inception of GSM technology," the statement said.
"The GSMA welcomes positive research which may identify and pinpoint implementation issues that can be fixed and result in enhanced security levels and ongoing user confidence in SIM secured services. The GSMA takes the security of SIM Cards very seriously and has Working Groups that follow these developments. We continue to work with our mobile operator members and the SIM providers to minimise any potential risks," the GSMA said.
Adrian Stone, director of BlackBerry Security Response and Threat Analysis, says the GSMA last year adopted recommendations from BlackBerry for beefing up standards for securing SIM cards. "BlackBerry works closely with the research community to identify and address security issues, and as part of a researcher collaboration last year, BlackBerry led the charge to update industry SIM card standards in order to help ensure customers across the industry are protected from this type of attack. The GSMA adopted BlackBerry's recommendations, which will help protect every device that uses a SIM, including mobile devices, cars, credit card machines and others," he says.
Security Research Labs, meanwhile, recommends that SIM cards deploy the latest cryptography and secure Java VMs, SMS firewalls, and SMS filtering by carriers.