SIM Card Hacking Possible, According to Research

SIM card hacking

A new report has revealed that SIM card hacking may be possible because some SIMs still rely on outdated cryptography. Karsten Nohl, a noted cryptographer at Security Research Labs, has found a way to trick a SIM card into accepting attacker-signed commands, which gives access to the device’s SMS functions and location and even allows changes to the user’s voicemail number.

The Subscriber Identity Module (SIM card) is a small smart card inserted into a mobile device. It ties the device to a phone number and authenticates the software updates and commands that a wireless carrier sends over-the-air (OTA). Over 7 billion SIM cards are in use worldwide, and while each one uses cryptography when communicating with its operator, the strength of the algorithms in use varies.

The report, which will be presented at the Black Hat security conference in Las Vegas this July 31, found that weak encryption standards make SIM card hacking possible, because many SIMs still protect OTA commands with the Data Encryption Standard (DES). Developed in the 1970s, DES has only a 56-bit key and has long been considered obsolete, although many mobile operators have already moved on to stronger algorithms.

Nohl demonstrates that it is relatively easy to recover the SIM card’s OTA key, the secret DES key the SIM uses to check the cryptographic signature on OTA commands (DES is a symmetric cipher, so this is a shared secret key rather than a private key in the public-key sense). Security Research Labs sends a binary SMS carrying an OTA command to a phone whose SIM uses DES. Because the command is not correctly signed under the SIM’s key, the SIM rejects it instead of executing it.

A rainbow table, used as a tool for SIM card hacking.

However, when rejecting the command, many SIMs send back an SMS error response that is itself signed (or encrypted) with the same 56-bit DES key. The attacker knows what that response contains, so the reply hands over a known plaintext together with its DES signature, which is exactly what is needed to search for the key. Hackers can recover the key using known cracking techniques such as a rainbow table, a precomputed lookup table that trades storage for time and turns a search of the 56-bit DES key space into a quick lookup.

With the recovered DES key in hand, hackers can then sign a malware-laden update with it and send it to the device. This time, the SIM accepts the update as coming from the legitimate operator, and the attacker gains access to sensitive data.
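The following Go program is an added example, not code from the report or from the article’s source, that models the three steps just described: an unsigned probe, key recovery from the signed error reply, and a forged command. Everything in it is constructed for the demo: the OTA key, the command strings, the status codes and the reply layout are assumptions, and the real GSM 03.48 packet format is not reproduced. One shortcut is labelled in the code: instead of a rainbow table over the full 56-bit key space, `recoverKey` assumes (hypothetically) that six key bytes are already known and searches the remaining two, which is enough to show why a signed error reply under a DES key is fatal.

```go
package main

import (
	"bytes"
	"crypto/des"
	"fmt"
)

// desCBCMAC computes a single-DES CBC-MAC over msg (zero IV, zero padding).
// It stands in for the DES "cryptographic checksum" on an OTA SMS; the real
// GSM 03.48 packet carries more fields, so this is a simplified model.
func desCBCMAC(key, msg []byte) []byte {
	block, err := des.NewCipher(key) // single DES: 8-byte key, 56 effective bits
	if err != nil {
		panic(err)
	}
	padded := append([]byte{}, msg...)
	for len(padded)%des.BlockSize != 0 {
		padded = append(padded, 0)
	}
	mac := make([]byte, des.BlockSize)
	buf := make([]byte, des.BlockSize)
	for i := 0; i < len(padded); i += des.BlockSize {
		for j := range buf {
			buf[j] = mac[j] ^ padded[i+j]
		}
		block.Encrypt(mac, buf)
	}
	return mac
}

// otaCommand models a binary SMS carrying a command and its checksum.
type otaCommand struct {
	payload []byte
	mac     []byte
}

// simReply models the SIM's proof-of-receipt SMS (status codes constructed).
type simReply struct {
	status byte   // 0x00 accepted, 0x01 checksum rejected
	body   []byte // status plus an echo of the command header: predictable
	mac    []byte // the leak: signed with the same OTA key as the command
}

// sim holds the operator-provisioned OTA key and what it has installed.
type sim struct {
	otaKey    []byte
	installed [][]byte
}

// handle executes the command only if the checksum matches, but signs the
// reply in every case. Signing the error reply is the flaw the article
// describes: it hands the attacker a known plaintext/MAC pair.
func (s *sim) handle(cmd otaCommand) simReply {
	var r simReply
	if bytes.Equal(desCBCMAC(s.otaKey, cmd.payload), cmd.mac) {
		s.installed = append(s.installed, cmd.payload)
		r.status = 0x00
	} else {
		r.status = 0x01
	}
	echo := cmd.payload
	if len(echo) > 4 {
		echo = echo[:4]
	}
	r.body = append([]byte{r.status}, echo...)
	r.mac = desCBCMAC(s.otaKey, r.body)
	return r
}

// recoverKey finds a DES key mapping the known reply body to its MAC. A real
// attacker covers the whole 56-bit space with a rainbow table; this demo
// assumes (hypothetically) the first six key bytes are known and walks the
// last two, 2^16 candidates, so it finishes in well under a second.
func recoverKey(knownPrefix, body, mac []byte) []byte {
	cand := make([]byte, des.BlockSize)
	copy(cand, knownPrefix)
	for a := 0; a < 256; a++ {
		for b := 0; b < 256; b++ {
			cand[6], cand[7] = byte(a), byte(b)
			if bytes.Equal(desCBCMAC(cand, body), mac) {
				return append([]byte{}, cand...)
			}
		}
	}
	return nil
}

// runAttack: unsigned probe, key recovery from the signed error reply, then
// a forged command. Returns the recovered key and whether the SIM took it.
func runAttack(target *sim, knownPrefix []byte) ([]byte, bool) {
	probe := otaCommand{payload: []byte("PROBE"), mac: make([]byte, des.BlockSize)}
	reply := target.handle(probe)
	if reply.status == 0x00 {
		return nil, false // an unsigned command must never be accepted
	}
	key := recoverKey(knownPrefix, reply.body, reply.mac)
	if key == nil {
		return nil, false
	}
	evil := []byte("INSTALL-APPLET:spy") // constructed malicious payload
	forged := otaCommand{payload: evil, mac: desCBCMAC(key, evil)}
	return key, target.handle(forged).status == 0x00
}

func main() {
	// Constructed operator OTA key; key[:6] is the demo shortcut from recoverKey.
	key := []byte{0x13, 0x34, 0x57, 0x79, 0x9b, 0xbc, 0xdf, 0xf1}
	target := &sim{otaKey: key}
	recovered, accepted := runAttack(target, key[:6])
	fmt.Printf("recovered key %x, forged command accepted: %v\n", recovered, accepted)
}
```

Two points worth noticing when running it. DES ignores the low (parity) bit of every key byte, so the key the search returns can differ from the provisioned one in those bits while producing identical checksums; the SIM cannot tell the difference, which is why the check that matters is whether the forged command was installed. And the fix is not in the search loop: with a triple-DES or AES key the same signed error reply gives the attacker a known plaintext/MAC pair that no feasible table can invert.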

The report also outlines possible SIM card hacking scenarios, such as an attack that could force the SIM to download Java applets that would be “allowed to send SMS, change voicemail numbers, and query the phone location, among many other predefined functions.”

The firm suggests that wireless carriers should adopt state-of-the-art cryptography in their SIM cards, and should use Java virtual machines that prevent applets from accessing information they have no business reading.

Source: ComputerWorld
