Hundreds of millions at risk from SIM card vulnerability

A research group recently exposed a flaw in SIM cards that allows attackers to compromise devices.

Berlin-based Security Research Labs flipped the mobile security market upside-down recently when they published reports about just how vulnerable SIM cards are to cyber attacks.

Karsten Nohl, founder of Security Research Labs, said his company had been working to crack SIM cards for three years and they finally found a way to do it – most notably without raising alarms.

“We have a way of breaking SIM cards remotely,” Nohl told on Monday, “without any evidence [and with] no way of preventing it or even noticing it.”

An attacker who takes advantage of the vulnerability, Nohl said, will be able to download software onto the victim's SIM card, locate the phone, send texts and make phone calls to any phone number – including pricey premium numbers – and ultimately operate the device as the normal owner would.

Anything else stored on the SIM, such as credit card information, is also accessible, said Nohl, adding that some finance groups are looking to move transaction payments to phones, which could create additional problems since that information will be stored on the SIM.

Hundreds of millions of mobile phones worldwide, out of nearly seven billion SIM cards in existence, are exposed because mobile carriers still use antiquated Data Encryption Standard (DES) technology for over-the-air (OTA) Short Message Service (SMS) transmissions.

Network operators use OTA SMS transmissions for things such as delivering updates directly to the SIM card, and Nohl said an attacker can do something similar by playing a game of send-and-receive with binary SMS messages.

The attacker will eventually derive a signature that can be used to upload small applications – known as applets – to the device, and it is through these applets that the attacker has free rein to take advantage of the device.

“Fortunately we haven't seen any abuse yet,” said Nohl, adding that Security Research Labs released their findings to mobile carriers several months before releasing the report to the public, “but I project it will take criminals six months to recreate results.”

Nohl said major carriers have responded to the research, and that updated SIM cards using stronger encryption – such as Triple Data Encryption Standard or the more secure Advanced Encryption Standard – and the use of SMS firewalls are some of the options that will make SIM cards less vulnerable.
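The SMS firewall option mentioned above amounts to filtering SIM-addressed binary messages before they reach the handset. The following is an added example, not code from Security Research Labs or any carrier: it classifies SMS-DELIVER PDUs by the TP-PID and TP-DCS header fields defined in 3GPP TS 23.040 and 23.038, and the sample PDUs, phone numbers and operator allowlist are constructed for illustration.

```python
# Added illustration: the PDUs and the allowlist are constructed, not from the article.
PID_SIM_DATA_DOWNLOAD = 0x7F            # TP-PID "(U)SIM Data download", 3GPP TS 23.040
OPERATOR_OTA_SENDERS = {"15550100099"}  # hypothetical operator OTA platform address

def parse_deliver(tpdu_hex):
    """Parse header fields of an SMS-DELIVER TPDU (no SMSC prefix, numeric sender)."""
    b = bytes.fromhex(tpdu_hex)
    if (b[0] & 0x03) != 0x00:
        raise ValueError("not an SMS-DELIVER TPDU")
    n_digits = b[1]                     # TP-OA length counts semi-octets (digits)
    n_bytes = (n_digits + 1) // 2
    raw = b[3:3 + n_bytes]              # b[2] is the type-of-address octet, skipped
    sender = "".join(f"{x & 0x0F:X}{x >> 4:X}" for x in raw)[:n_digits]
    pos = 3 + n_bytes
    pid, dcs = b[pos], b[pos + 1]
    udl = b[pos + 2 + 7]                # 7-octet timestamp precedes TP-UDL
    return {"sender": sender, "pid": pid, "dcs": dcs, "udl": udl}

def is_class2(dcs):
    """True when TP-DCS marks the message class 2 (SIM-specific), per 3GPP TS 23.038."""
    if (dcs & 0x80) == 0x00:            # general data coding groups (00xx, 01xx)
        return bool(dcs & 0x10) and (dcs & 0x03) == 0x02
    if (dcs & 0xF0) == 0xF0:            # data coding / message class group
        return (dcs & 0x03) == 0x02
    return False

def verdict(tpdu_hex):
    """Block SIM-addressed messages unless sent by the operator's own OTA platform."""
    try:
        m = parse_deliver(tpdu_hex)
    except (ValueError, IndexError):
        return "block"                  # fail closed on malformed PDUs
    sim_addressed = m["pid"] == PID_SIM_DATA_DOWNLOAD or is_class2(m["dcs"])
    if sim_addressed and m["sender"] not in OPERATOR_OTA_SENDERS:
        return "block"
    return "allow"

SCTS = "31 70 22 00 00 00 00"           # constructed timestamp
UNKNOWN = "04 0B 91 51 55 10 00 00 F1"  # header + sender +15550100001
OPERATOR = "04 0B 91 51 55 10 00 90 F9" # header + sender +15550100099
SAMPLES = {
    "binary_from_unknown": f"{UNKNOWN} 7F F6 {SCTS} 04 00 00 00 00",
    "text_from_unknown": f"{UNKNOWN} 00 00 {SCTS} 02 E8 34",
    "binary_from_operator": f"{OPERATOR} 7F F6 {SCTS} 04 00 00 00 00",
}

if __name__ == "__main__":
    for name, pdu in SAMPLES.items():
        print(name, verdict(pdu))
```

The sender address inside a PDU can be spoofed, so a deployed firewall would also key the allowlist on the network ingress point rather than on TP-OA alone.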

Nohl said he will be discussing his findings in greater detail at the upcoming Black Hat conference later this month.
