Hundreds of millions at risk from SIM card vulnerability

Share this article:
A research group recently exposed a flaw in SIM cards that allows attackers to compromise devices.
A research group recently exposed a flaw in SIM cards that allows attackers to compromise devices.

Berlin-based Security Research Labs flipped the mobile security market upside-down recently when they published reports about just how vulnerable SIM cards are to cyber attacks.

Karsten Nohl, founder of Security Research Labs, said his company had been working to crack SIM cards for three years and they finally found a way to do it – most notably without raising alarms.

“We have a way of breaking SIM cards remotely,” Nohl told SCMagazine.com on Monday, “without any evidence [and with] no way of preventing it or even noticing it.”

An attacker who takes advantage of the vulnerability, Nohl said, will be able to download software onto the victim's SIM card, locate the phone, send texts and make phone calls to any phone number – including pricey premium numbers – and ultimately operate the device as the normal owner would.

Anything else stored on the SIM, such as credit card information, is also accessible, said Nohl, adding some finance groups are looking to move transaction payments to phones and that it might represent additional problems since the information will be stored on the SIM.

What is opening up this kind of vulnerability to hundreds of millions of mobile phones worldwide, out of nearly seven billion SIM cards in existence, is the use of antiquated Data Encryption Standard (DES) technology for over-the-air (OTA) Short Message Service (SMS) transmissions used by mobile carriers.

Network operators use OTA SMS transmissions for things such as delivering updates directly to the SIM card and Nohl said an attacker can do something similar by playing a game of send-and-receive with binary SMS messages.

The SIM card hacker will eventually derive a signature that can be used to upload small applications – known as applets – to the device and it is through these applets that the attacker has free reign to take advantage of the device.

“Fortunately we haven't seen any abuse yet,” said Nohl, adding that Security Research Labs released their findings to mobile carriers several months before releasing the report to the public, “but I project it will take criminals six months to recreate results.”

Nohl said big-time carriers have responded to the research and that updated SIM cards – such as Triple Data Encryption Standard or the more secure Advanced Encryption Standard – and use of SMS firewalls are some of the options that will make SIM cards less vulnerable.

Nohl said he will be discussing his findings in greater detail at the upcoming Black Hat conference later this month.

Share this article:

Sign up to our newsletters

More in News

AOL Mail hack furthers spam campaign using spoofed accounts

AOL confirmed on Monday that it was aware of the issue and working to remediate the situation.

Backdoors in Wi-Fi routers, said to be closed, can be reopened

Backdoors in Wi-Fi routers, said to be closed, ...

Although said to be patched, researcher Eloi Vanderbeken discovered during the Easter holiday that backdoors existing in certain wireless routers can be reactivated.

Apple ships Mac OS X updates, fixes several code execution bugs

Apple ships Mac OS X updates, fixes several ...

Among the addressed vulnerabilities, was a bug affecting WindowServer, which could allow an attacker to execute malicious code outside the sandbox.