A SIM CARD EXPLOIT that could leave millions of mobile phones vulnerable to hacking has been uncovered by German security firm Security Research Labs (SRL).
The research, which is due to be presented at the Black Hat security conference next week, has been detailed on a blog post by SRL founder and cryptographer Karsten Nohl, who said that the use of outdated 1970s cryptography could be exploited, granting hackers access to a device's location and SMS functions.
In the blog post, Nohl explained that the 56-bit Data Encryption Standard (DES) algorithm used for many SIM cards' signature verification is weak and outdated and thus "poses a critical hacking risk".
The security researcher found that it was possible to exploit a SIM card's SMS over the air (OTA) update system that is built with Java Card, that is, a subset of Java that allows applets to run on small memory devices.
"OTA commands, such as software updates, are cryptographically secured SMS messages, which are delivered directly to the SIM," said a blog post on SRLabs.de.
"While the option exists to use state-of-the-art AES or the somewhat outdated 3DES algorithm for OTA, many (if not most) SIM cards still rely on the '70s-era DES cipher."
In an experiment, SRL sent an improperly signed binary SMS to a target device using a SIM encoded with DES, which was not executed by the SIM because of a signature verification failure. However, while rejecting the code, the SIM responded with an error code that contained the device's cryptographic signature, a 56-bit private key. It was then possible to decrypt the key using common cracking techniques.
Nohl explained that with this key in hand hackers are able to sign malicious software updates with the key and send those updates to the device. The attacker is also able to download Java Card applets, send SMS messages, change voice-mail numbers, and query location data.
"This allows for remote cloning of possibly millions of SIM cards including their mobile identity (IMSI, Ki) as well as payment credentials stored on the card," Nohl added.
Nohl listed three ways that mobile phone manufacturers can defend users against this SIM vulnerability, including SIM cards that support state-of-art cryptography with sufficiently long keys, do not disclose signed plain-texts to attackers, and implement secure Java virtual machines.
Another additional protection Nohn recommended was a SMS firewall anchored into handsets. "Each user should be allowed to decide which sources of binary SMS to trust and which others to discard. An SMS firewall on the phone would also address other abuse scenarios including 'silent SMS'," Nohl said.
The final defense listed by Nohl was "in-network SMS filtering", which would require filtering at the phone network level.
The research, which is due to be presented at the Black Hat security conference next week, has been detailed on a blog post by SRL founder and cryptographer Karsten Nohl, who said that the use of outdated 1970s cryptography could be exploited, granting hackers access to a device's location and SMS functions.
In the blog post, Nohl explained that the 56-bit Data Encryption Standard (DES) algorithm used for many SIM cards' signature verification is weak and outdated and thus "poses a critical hacking risk".
The security researcher found that it was possible to exploit a SIM card's SMS over the air (OTA) update system that is built with Java Card, that is, a subset of Java that allows applets to run on small memory devices.
"OTA commands, such as software updates, are cryptographically secured SMS messages, which are delivered directly to the SIM," said a blog post on SRLabs.de.
"While the option exists to use state-of-the-art AES or the somewhat outdated 3DES algorithm for OTA, many (if not most) SIM cards still rely on the '70s-era DES cipher."
In an experiment, SRL sent an improperly signed binary SMS to a target device using a SIM encoded with DES, which was not executed by the SIM because of a signature verification failure. However, while rejecting the code, the SIM responded with an error code that contained the device's cryptographic signature, a 56-bit private key. It was then possible to decrypt the key using common cracking techniques.
Nohl explained that with this key in hand hackers are able to sign malicious software updates with the key and send those updates to the device. The attacker is also able to download Java Card applets, send SMS messages, change voice-mail numbers, and query location data.
"This allows for remote cloning of possibly millions of SIM cards including their mobile identity (IMSI, Ki) as well as payment credentials stored on the card," Nohl added.
Nohl listed three ways that mobile phone manufacturers can defend users against this SIM vulnerability, including SIM cards that support state-of-art cryptography with sufficiently long keys, do not disclose signed plain-texts to attackers, and implement secure Java virtual machines.
Another additional protection Nohn recommended was a SMS firewall anchored into handsets. "Each user should be allowed to decide which sources of binary SMS to trust and which others to discard. An SMS firewall on the phone would also address other abuse scenarios including 'silent SMS'," Nohl said.
The final defense listed by Nohl was "in-network SMS filtering", which would require filtering at the phone network level.