This site uses cookies. By continuing to browse this site you are agreeing to our use of cookies. Find out more.X

SIM card DES flaw could affect up to 500 million users

Share this article:

Flaws in SIM cards could allow an attacker to take control of one and even clone it.

Presenting at the Black Hat conference this week in Las Vegas, German security researcher Karsten Nohl will present his findings based on the tests of 1,000 SIM cards.

According to Forbes, the encryption and software flaws are based on an old security standard and badly configured code, and could allow hackers to remotely infect a SIM with a virus that sends premium text messages, surreptitiously re-direct and record calls, and carry out payment system fraud, with the right combination of bugs.

Nohl said that just under a quarter of all the SIM cards he tested could be hacked, but estimated that an eighth of the world's SIM cards could be vulnerable, or about half a billion mobile devices. He also said the hack only works on SIMs that use an old encryption technology known as DES.

Nohl said in a blog post that while security updates delivered in over-the-air updates deployed via SMS, the option exists to use state-of-the-art AES or the 3DES algorithm, but many (if not most) SIM cards still rely on the DES cipher.

“To derive a DES over-the-air key, an attacker starts by sending a binary SMS to a target device. The SIM does not execute the improperly signed OTA command, but does in many cases respond to the attacker with an error code carrying a cryptographic signature, once again sent over binary SMS. A rainbow table resolves this plaintext-signature tuple to a 56-bit DES key within two minutes on a standard computer,” he said.

He said that once the DES key is cracked, the attacker can send a signed binary SMS, which downloads Java applets onto the SIM. These applets can send SMS messages, change voicemail numbers and query the phone location, among many other predefined functions.

To defend against the attack, Nohl recommended an improvement in SIM cards, the use of handset SMS firewalls and in-networking SMS filtering.

A spokeswoman for the GSMA, which represents nearly 800 mobile operators worldwide, said it has reviewed the research.

“We have been able to consider the implications and provide guidance to those network operators and SIM vendors that may be impacted," said GSMA spokeswoman Claire Cranton.

Share this article:

SC webcasts on demand

This is how to secure data in the cloud

Exclusive video webcast & Q&A sponsored by Vormetric

As enterprises look to take advantage of the cloud, they need to understand the importance of safeguarding their confidential and sensitive data in cloud environments. With the appropriate security safeguards, such as fine-grained access policies, a move to the cloud is as, or more, secure than an on-premise data storage.

View the webcast here to find out more

More in News

Microsoft warns on yet another zero-day security flaw

Microsoft warns on yet another zero-day security flaw

Microsoft has warned Windows users about a zero-day security issue with malicious PowerPoint documents being emailed to recipients. The software giant is working on a patch for the problem.

Google launches FIDO-compliant 2FA USB key for Chrome and Gmail

Google launches FIDO-compliant 2FA USB key for Chrome ...

Google has souped up its two-factor authentication (2FA) login process with the launch of Security Key, a physical USB that only works after verifying the login site is truly a ...

Evolving TorrentLocker ransomware generating big money

Evolving TorrentLocker ransomware generating big money

The TorrentLocker ransomware has returned with a vengeance and is starting to bring in big money for its operators.