
SIM card DES flaw could affect up to 500 million users


Flaws in SIM cards could allow an attacker to take control of one and even clone it.

At the Black Hat conference in Las Vegas this week, German security researcher Karsten Nohl will present his findings, based on tests of 1,000 SIM cards.

According to Forbes, the encryption and software flaws stem from an old security standard and badly configured code and, with the right combination of bugs, could allow hackers to remotely infect a SIM with a virus that sends premium text messages, surreptitiously redirect and record calls, and carry out payment system fraud.

Nohl said that just under a quarter of all the SIM cards he tested could be hacked, but estimated that an eighth of the world's SIM cards could be vulnerable, or about half a billion mobile devices. He also said the hack only works on SIMs that use an old encryption technology known as DES.

Nohl said in a blog post that while security updates are delivered over the air via SMS and the option exists to use state-of-the-art AES or the 3DES algorithm, many (if not most) SIM cards still rely on the DES cipher.

“To derive a DES over-the-air key, an attacker starts by sending a binary SMS to a target device. The SIM does not execute the improperly signed OTA command, but does in many cases respond to the attacker with an error code carrying a cryptographic signature, once again sent over binary SMS. A rainbow table resolves this plaintext-signature tuple to a 56-bit DES key within two minutes on a standard computer,” he said.

He said that once the DES key is cracked, the attacker can send a signed binary SMS, which downloads Java applets onto the SIM. These applets can send SMS messages, change voicemail numbers and query the phone location, among many other predefined functions.

To defend against the attack, Nohl recommended improved SIM cards, handset SMS firewalls and in-network SMS filtering.
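The in-network SMS filtering Nohl recommends needs a way to recognise OTA command SMS and see which cipher they declare. The sketch below is an added example, not code from Nohl or the article; the field offsets and KIc/KID coding follow my reading of 3GPP TS 23.040 and ETSI TS 102 225 (neither is cited on the page), it handles single-segment SMS-DELIVER only, and the sample messages are constructed.

```python
# Added example: offsets assumed from 3GPP TS 23.040 / ETSI TS 102 225.
# All TPDUs built here are constructed test data, not captured traffic.
PID_SIM_DOWNLOAD = 0x7F    # TP-PID value for "(U)SIM data download"
IEI_COMMAND_PACKET = 0x70  # UDH element that marks a secured command packet

def is_single_des(key_byte: int) -> bool:
    """KIc/KID low nibble: b2b1 == 01 selects DES, b4b3 == 00 or 11 is single DES."""
    return (key_byte & 0x03) == 0x01 and ((key_byte >> 2) & 0x03) in (0b00, 0b11)

def classify_sms_deliver(tpdu: bytes) -> str:
    """Return 'not-ota', 'malformed', 'ota-single-des' or 'ota-other'."""
    try:
        udhi = bool(tpdu[0] & 0x40)                 # user data header indicator
        pos = 3 + (tpdu[1] + 1) // 2                # skip the originating address
        pid, ud = tpdu[pos], tpdu[pos + 10:]        # PID; then DCS, 7-octet SCTS, UDL
        if pid != PID_SIM_DOWNLOAD or not udhi:
            return "not-ota"
        udhl = ud[0]
        header, body = ud[1:1 + udhl], ud[1 + udhl:]
        ieis, i = [], 0
        while i + 1 < len(header):                  # walk IEI / length / data triples
            ieis.append(header[i])
            i += 2 + header[i + 1]
        if IEI_COMMAND_PACKET not in ieis:
            return "not-ota"
        spi1, kic, kid = body[3], body[5], body[6]  # after CPL (2 octets) + CHL (1)
    except IndexError:
        return "malformed"                          # truncated OTA packet: do not pass
    ciphered = bool(spi1 & 0x04)                    # SPI b3: ciphering in use
    integrity = bool(spi1 & 0x03)                   # SPI b2b1: RC/CC/DS present
    if (ciphered and is_single_des(kic)) or (integrity and is_single_des(kid)):
        return "ota-single-des"
    return "ota-other"

def packet(spi1: int, kic: int, kid: int) -> bytes:
    """Constructed command packet: dummy TAR, counter and checksum, no payload."""
    rest = bytes([spi1, 0x00, kic, kid]) + bytes(3 + 5 + 1 + 8)
    return (len(rest) + 1).to_bytes(2, "big") + bytes([len(rest)]) + rest

def build(pid: int, udh: bytes, body: bytes) -> bytes:
    """Constructed SMS-DELIVER with a made-up sender and timestamp."""
    ud = bytes([len(udh)]) + udh + body
    return (bytes.fromhex("440b911032547698f0") + bytes([pid, 0xF6])
            + bytes.fromhex("31702201000000") + bytes([len(ud)]) + ud)

if __name__ == "__main__":
    for kid in (0x11, 0x15):                        # single DES vs two-key 3DES
        print(hex(kid), classify_sms_deliver(build(0x7F, b"\x70\x00", packet(0x02, 0x00, kid))))
```

A packet whose key byte says the algorithm is "known implicitly" (b2b1 == 00) cannot be judged from the header alone, so this check reports it as `ota-other`.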

A spokeswoman for the GSMA, which represents nearly 800 mobile operators worldwide, said it has reviewed the research.

“We have been able to consider the implications and provide guidance to those network operators and SIM vendors that may be impacted,” said GSMA spokeswoman Claire Cranton.
