
Major SIM Card Security Flaw Uncovered

Source: The New York Times

SIM cards using D.E.S. encryption are vulnerable to attack, reveals a recent two-year study.

Karsten Nohl, founder of Security Research Labs in Berlin, told the New York Times on Sunday that he has discovered a flaw in the encryption technology used in some SIM cards. The vulnerability could allow attackers to eavesdrop on the owner's calls, make purchases through mobile payment systems, and possibly even impersonate the device owner. Around 750 million devices could be vulnerable because of this flaw.

According to the Times, the newly discovered encryption hole allows an attacker to obtain the SIM card's 56-digit key. Nohl said that he was able to acquire a key by sending the target device an SMS carrying a false signature that purported to be the device's wireless carrier's. Normally, the device and the carrier verify each other's identity by checking digital signatures, and a device that detects a false signature is supposed to simply end the exchange.

Nohl said that in 75 percent of cases the phone recognized the fake signature and immediately ended the exchange. The other 25 percent broke off communication as well, but first sent an error message back to Nohl that included the card's own encrypted digital signature. That was enough information for Nohl to derive the SIM card's encryption key.

With the correct key in hand, Nohl sent a virus to the SIM card via text message. That virus let him carry out the attacks listed above: eavesdropping, making purchases and so on. Gaining access to the device took just two minutes using a PC.

"We can remotely install software on a handset that operates completely independently from your phone," Nohl said. "We can spy on you. We know your encryption keys for calls. We can read your S.M.S.’s. More than just spying, we can steal data from the SIM card, your mobile identity, and charge to your account."

The flaw lies in an encryption method developed in the 1970s called D.E.S., or Data Encryption Standard. Over the last ten years many wireless carriers have adopted a stronger variant called Triple D.E.S., but around half of the six billion cellphones in use today still use the older D.E.S. method. This encryption is supposed to disguise the SIM card and the phone's unique digital signature.

After discovering the flaw, Nohl spent the next two years testing around 1,000 SIM cards in phones connected to mobile networks in Europe and North America. The phones and SIM cards were owned and used by Nohl and other members of his research team. When the research was complete, Nohl shared the results with the GSM Association through a process of "responsible disclosure."

Nohl told the GSM Association and chip makers that they need to drop D.E.S. encryption in favor of the newer standards. Carriers also need better filtering to block the kind of messages he sent, since those messages returned the information needed to recover SIM keys. Consumers whose SIM cards are more than three years old are advised to request a new one from their wireless carrier.
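The two behaviours the article describes, as an added illustration that is not code from the article, from Nohl's lab or from any SIM vendor: a simulated card that answers a badly signed management message with an error report carrying its own signature over data the sender chose (the known-data/signature pair that, with a 56-bit D.E.S. key, is what makes key recovery feasible), next to a hardened card that fails closed and returns nothing derived from its key. It also includes the two checks a defender would want from the recommendations above: an issuer-side test that a card's error replies carry no key-derived signature, and the carrier-side filtering of management messages by network origin. The message layout, the names, the key and the use of HMAC-SHA256 as a stand-in for the card's D.E.S.-based signature are all constructed assumptions; the article does not give the real over-the-air format.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional, Tuple

MAC_LEN = 32  # HMAC-SHA256 output; stand-in for the card's far shorter D.E.S.-based MAC


@dataclass(frozen=True)
class OtaMessage:
    """Constructed layout: the article does not give the real over-the-air format."""
    sender: bytes     # claimed originator (the carrier)
    counter: int      # anti-replay counter
    payload: bytes    # command carried to the card
    signature: bytes  # MAC over the three fields above


def encode(sender: bytes, counter: int, payload: bytes) -> bytes:
    return sender + counter.to_bytes(4, "big") + payload


def card_mac(key: bytes, data: bytes) -> bytes:
    # Stand-in for the card's D.E.S.-based signature (no D.E.S. in the standard library).
    return hmac.new(key, data, hashlib.sha256).digest()


def sign(key: bytes, sender: bytes, counter: int, payload: bytes) -> OtaMessage:
    """What a genuine carrier message looks like: signed under the card's key."""
    return OtaMessage(sender, counter, payload, card_mac(key, encode(sender, counter, payload)))


def _valid(key: bytes, carrier: bytes, msg: OtaMessage) -> bool:
    expected = card_mac(key, encode(msg.sender, msg.counter, msg.payload))
    return msg.sender == carrier and hmac.compare_digest(expected, msg.signature)


def leaky_handle(key: bytes, carrier: bytes, msg: OtaMessage) -> Tuple[str, Optional[bytes]]:
    """Behaviour the article attributes to about a quarter of the cards tested:
    the error report is itself signed with the card key over sender-chosen data."""
    if _valid(key, carrier, msg):
        return ("ok", None)
    report = b"ERR:" + encode(msg.sender, msg.counter, msg.payload)
    return ("error", report + card_mac(key, report))  # known data + MAC under the secret key


def hardened_handle(key: bytes, carrier: bytes, msg: OtaMessage) -> Tuple[str, Optional[bytes]]:
    """Fails closed: a rejected message produces no key-derived output at all."""
    if _valid(key, carrier, msg):
        return ("ok", None)
    return ("error", None)


def reply_carries_card_mac(key: bytes, reply: Optional[bytes]) -> bool:
    """Issuer-side conformance check (the issuer knows the card key): does a reply
    end in a MAC under the card key over the bytes before it? Run this over a
    card's replies to deliberately mis-signed messages before deploying it."""
    if reply is None or len(reply) <= MAC_LEN:
        return False
    body, tag = reply[:-MAC_LEN], reply[-MAC_LEN:]
    return hmac.compare_digest(card_mac(key, body), tag)


def network_filter(origin: bytes, trusted_origins: frozenset) -> bool:
    """Carrier-side filtering the article recommends. `origin` is where the network
    itself received the message (an interconnect or internal gateway), which the
    sender cannot choose, unlike the `sender` field inside the message."""
    return origin in trusted_origins


def demo() -> dict:
    key = bytes(range(16))  # constructed card key
    carrier = b"CARRIER"
    mis_signed = OtaMessage(carrier, 7, b"LAUNCH", b"\x00" * MAC_LEN)  # claims carrier, bad signature
    genuine = sign(key, carrier, 8, b"UPDATE")
    return {
        "leaky_leaks": reply_carries_card_mac(key, leaky_handle(key, carrier, mis_signed)[1]),
        "hardened_leaks": reply_carries_card_mac(key, hardened_handle(key, carrier, mis_signed)[1]),
        "genuine_ok": hardened_handle(key, carrier, genuine)[0] == "ok",
        "filter_blocks_external": not network_filter(b"external-interconnect", frozenset({b"carrier-gateway"})),
    }


if __name__ == "__main__":
    print(demo())
```

The point of the hardened variant is not the stronger MAC (swap HMAC for Triple D.E.S. and the contrast is the same) but that a failed check yields no signature at all, so an attacker who can send messages learns nothing about the key from the card's replies; the issuer-side check turns that property into something a card can be tested for.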

The full details of Nohl's findings will be revealed on August 1 during the Black Hat conference in Las Vegas. Nohl said he will not disclose the identities of the wireless carriers using the vulnerable SIM cards.

  • -1
    halcyon, July 25, 2013 9:08 AM
    It's always something.
  • -6
    olaf, July 25, 2013 9:11 AM
    Oh, it's not on the internet for days now .... late again as usual Tom's... stick to reviews...
  • -1
    aoneone, July 25, 2013 9:24 AM
    How come that guy has no eyeball? =(
  • -1
    house70, July 25, 2013 9:26 AM
    Now, after a few years, this information is made public. I understand the process of responsibly revealing this info to the respective authorities that can actually take steps to correct this flaw; however, after so many years when the companies involved should have taken the appropriate steps to fix it, I think it is responsible to actually reveal and expose the carriers that have not done enough in all that time, in order to protect the consumer from lazy carriers that put/keep them at risk. He should disclose the identity of the carriers that are STILL using the flawed protocol.
  • -1
    internetlad, July 25, 2013 10:46 AM
    probably frickin Verizon.
  • -1
    amuffin, July 25, 2013 12:17 PM
    Too many flaws...
  • -2
    mister g, July 25, 2013 3:42 PM
    Can't be Verizon, they don't use SIM cards. Isn't it already well known that for the sake of compatibility GSM is insecure?
  • 2
    schwizer, July 25, 2013 5:07 PM
    It's not flawed, it's PRISM compatible.
  • -1
    livebriand, July 25, 2013 6:00 PM
    Can't be Verizon, they don't use SIM cards. Isn't it already well known that for the sake of compatibility GSM is insecure?

    Actually, phones with LTE have SIM cards (even the ones that are also CDMA, Verizon included).
  • -1
    nevilence, July 25, 2013 6:47 PM
    Oh, it's not on the internet for days now .... late again as usual Tom's... stick to reviews...

    someone bitching....old news....stick to shutting up
  • 1
    agnickolov, July 25, 2013 10:17 PM
    DES does use 56 digits, but they are all only 0s and 1s. It uses a 56-bit key. The way it's worded in the article one might think it's 56 decimal digits...

    DES is considered obsolete for cryptography purposes since it's easy to crack via brute force with today's hardware.
  • -2
    thecouchguy, July 26, 2013 6:52 PM
    wtf is up with the photo lol. can it also turn you into a zombie?
  • 1
    ddpruitt, July 26, 2013 9:12 PM
    What's up with everyone using ye ancient encryption systems?

    DES and some of its brethren, like the MD5 hash that everyone uses, were made obsolete long ago. Several better encryption systems existed long before SIM cards came into use.

    Technology companies need to remember they're not just building for the hackers of today but the hackers of tomorrow, so would you mind not using something that was designed and tested BEFORE I was born?
  • 0
    brythespy, November 29, 2013 11:35 AM
    How is the picture relevant...