
SIM card DES flaw could affect up to 500 million users


Flaws in SIM cards could allow an attacker to take control of one and even clone it.

German security researcher Karsten Nohl will present his findings, based on tests of 1,000 SIM cards, at the Black Hat conference in Las Vegas this week.

According to Forbes, the encryption and software flaws stem from an old security standard and badly configured code. With the right combination of bugs, they could allow hackers to remotely infect a SIM with a virus that sends premium text messages, surreptitiously redirect and record calls, and carry out payment system fraud.

Nohl said that just under a quarter of all the SIM cards he tested could be hacked, but estimated that an eighth of the world's SIM cards could be vulnerable, or about half a billion mobile devices. He also said the hack only works on SIMs that use an old encryption technology known as DES.

Nohl said in a blog post that SIM security updates are delivered over the air (OTA) via SMS, and that while the option exists to use state-of-the-art AES or the 3DES algorithm, many (if not most) SIM cards still rely on the DES cipher.

“To derive a DES over-the-air key, an attacker starts by sending a binary SMS to a target device. The SIM does not execute the improperly signed OTA command, but does in many cases respond to the attacker with an error code carrying a cryptographic signature, once again sent over binary SMS. A rainbow table resolves this plaintext-signature tuple to a 56-bit DES key within two minutes on a standard computer,” he said.

He said that once the DES key is cracked, the attacker can send a signed binary SMS, which downloads Java applets onto the SIM. These applets can send SMS messages, change voicemail numbers and query the phone location, among many other predefined functions.

To defend against the attack, Nohl recommended improved SIM cards, handset SMS firewalls and in-network SMS filtering.
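
The in-network SMS filtering Nohl recommends, sketched as an added example (not code from Nohl or from this article): a classifier that flags SMS-DELIVER messages addressed to the SIM for OTA data download. The PID, DCS and header values follow 3GPP TS 23.040 and TS 23.038; the trusted sender address, the verdict names and the sample messages are assumptions constructed for illustration.

```python
# Added example; every TPDU below is constructed, not captured traffic.
SIM_DATA_DOWNLOAD_PID = 0x7F     # TP-PID "(U)SIM data download"
OTA_COMMAND_IEI = 0x70           # UDH element announcing a secured OTA command packet
TRUSTED_OTA_SENDERS = {"12345"}  # hypothetical address of the operator's OTA platform
TEXT_SMS = "0405912143F5000031702221000000" + "02E834"
OTA_UNKNOWN = "4405917698F07FF631702221000000" + "07027000" + "00000000"
OTA_TRUSTED = "4405912143F57FF631702221000000" + "07027000" + "00000000"

def parse_deliver(tpdu_hex):
    """Parse the header fields of an SMS-DELIVER TPDU (no SMSC prefix)."""
    t = bytes.fromhex(tpdu_hex)
    if len(t) < 2 or (t[0] & 0x03) != 0:
        raise ValueError("not an SMS-DELIVER TPDU")
    digits = t[1]                  # originating address length, in digits
    pos = 3 + (digits + 1) // 2    # skip first octet, length, type, address
    if len(t) < pos + 10:          # PID, DCS, 7-octet timestamp, UDL
        raise ValueError("truncated TPDU")
    bcd = "".join(f"{b & 0x0F:x}{b >> 4:x}" for b in t[3:pos])  # swapped nibbles
    return {"sender": bcd[:digits], "udhi": bool(t[0] & 0x40),
            "pid": t[pos], "dcs": t[pos + 1], "ud": t[pos + 10:]}

def is_sim_class_binary(dcs):
    """True for 8-bit data in message class 2 (SIM-specific)."""
    if (dcs & 0xF0) == 0xF0:                    # data coding / message class group
        return bool(dcs & 0x04) and (dcs & 0x03) == 2
    if (dcs & 0xC0) == 0x00 and (dcs & 0x10):   # general group, class bits valid
        return ((dcs >> 2) & 0x03) == 1 and (dcs & 0x03) == 2
    return False

def udh_ieis(ud):
    """Return the information element identifiers in a user data header."""
    ieis, i = set(), 1
    end = 1 + ud[0] if ud else 0
    while i + 1 < end <= len(ud):
        ieis.add(ud[i])
        i += 2 + ud[i + 1]         # identifier, length, then the element data
    return ieis

def classify(tpdu_hex):
    """Return (verdict, reasons): pass, allow-ota or block."""
    m = parse_deliver(tpdu_hex)
    checks = [("pid-sim-download", m["pid"] == SIM_DATA_DOWNLOAD_PID),
              ("dcs-class2-8bit", is_sim_class_binary(m["dcs"])),
              ("udh-ota-command", m["udhi"] and OTA_COMMAND_IEI in udh_ieis(m["ud"]))]
    reasons = [name for name, hit in checks if hit]
    if not reasons:
        return "pass", reasons     # ordinary message, not addressed to the SIM
    verdict = "allow-ota" if m["sender"] in TRUSTED_OTA_SENDERS else "block"
    return verdict, reasons
```

Originating addresses in SMS can be forged, so a real deployment would identify its own OTA platform by network-side routing information rather than by the sender field alone.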

A spokeswoman for the GSMA, which represents nearly 800 mobile operators worldwide, said it has reviewed the research.

“We have been able to consider the implications and provide guidance to those network operators and SIM vendors that may be impacted,” said GSMA spokeswoman Claire Cranton.
