The blog of Xeno, a slightly mad scientist
A vulnerability on SIM cards used in some mobile phones could allow malware infection and surveillance, a security researcher warns.
Karsten Nohl, founder of Security Research Labs in Berlin, told The New York Times that he has identified a flaw in SIM encryption technology that could allow an attacker to obtain a SIM card’s digital key, the 56-digit sequence that allows modification of the card. The flaw, which may affect as many as 750 million mobile phones, could allow eavesdropping on phone conversations, fraudulent purchases, or impersonation of the handset’s owner, Nohl warned.
“We can remotely install software on a handset that operates completely independently from your phone,” warned Nohl, who said he managed the entire operation in less than two minutes using a standard PC. “We can spy on you. We know your encryption keys for calls. We can read your SMSs. More than just spying, we can steal data from the SIM card, your mobile identity, and charge to your account.”
The vulnerability was found in the Digital Encryption Standard, a cryptographic method developed by IBM in the 1970s that is used on about 3 billion cell phones every day. While the encryption method has been beefed up in the past decade, many handsets still use the older standard.
Tests showed that 1,000 cards in Europe and North America exhibited signs of the flaw. Nohl, who plans to detail the flaw at the Black Hat security conference in Las Vegas next month, said he has already shared the results of his two-year study with GSM Association, a trade group representing the cell phone industry.
GSM Association spokeswoman Claire Cranton told the Times that her organization had already passed the results on members of its group that still rely on the older standard.
“We have been able to consider the implications and provide guidance to those network operators and SIM vendors that may be impacted,” Cranton said in a statement.
Nohl, who has a doctorate in computer engineering from the University of Virginia, made headlines in 2008 by publicizing weaknesses in wireless smart card chips used in transit systems around the globe. A year later, he cracked the algorithm used on GSM (Global System for Mobile Communications) cell phones, which is designed to prevent attackers from eavesdropping on calls.
Security researcher Karsten Nohl says some SIM cards can be compromised because of wrongly configured Java Card software and weak encryption keys; Photo credit Luca Melette
Smartphones are susceptible to malware and carriers have enabled NSA snooping, but the prevailing wisdom has it there’s still one part of your mobile phone that remains safe and un-hackable: your SIM card.
Yet after three years of research, German cryptographer Karsten Nohl claims to have finally found encryption and software flaws that could affect millions of SIM cards, and open up another route on mobile phones for surveillance and fraud.
Nohl, who will be presenting his findings at the Black Hat security conference in Las Vegas on July 31, says his is the first hack of its kind in a decade, and comes after he and his team tested close to 1,000 SIM cards for vulnerabilities, exploited by simply sending a hidden SMS. The two-part flaw, based on an old security standard and badly configured code, could allow hackers to remotely infect a SIM with a virus that sends premium text messages (draining a mobile phone bill), surreptitiously re-direct and record calls, and — with the right combination of bugs — carry out payment system fraud….