For the last several years, cryptographer Karsten Nohl and his team at Security Research Labs in Berlin have tested about 1,000 SIM cards for vulnerabilities. Give this German cryptographer two minutes on a PC and he can send a send a secret text message that contains a “virus” to a mobile phone’s SIM card, and then basically get “root” and take over the phone. That text can allow him to eavesdrop, make purchases via mobile payment systems and otherwise “trick mobile phones into granting access to the device's location, SMS functions and allow changes to a person's voicemail number.”
Nohl will present his research during “Rooting SIM cards” at the Black Hat security conference in Las Vegas. “We can remotely install software on a handset that operates completely independently from your phone,” Nohl told The New York Times. “We can spy on you. We know your encryption keys for calls. We can read your SMS’s. More than just spying, we can steal data from the SIM card, your mobile identity, and charge to your account.”
While it’s not something you see happening, mobile operators can push out updates via sending hidden text messages to the SIM card, which is like a tiny computer with its own operating system and software. The SIM has a Java Card that runs Java-based programs as if it were a Java virtual machine. Although there are about seven billion SIM cards in “active use,” Nohl estimates “as many as 750 million phones may be vulnerable to attacks.”
“Give me any phone number and there is some chance I will, a few minutes later, be able to remotely control this SIM card and even make a copy of it,” he told Forbes. His team sent a deliberately false binary code via SMS to a phone using a SIM with a weak encryption standard called DES (Data Encryption Standard) that has been around since the 1970s. The code didn’t include the right cryptographic signature, so the command wasn’t understood and it wouldn’t run. However when the SIM rejected that code, it gave the virus “root” access and sent back an error code that contained its encrypted 56-bit private key. Using a rainbow table, that private DES key was cracked. The whole process takes about two minutes.
Now knowing the private DES key, an attacker can pretend to be the mobile operator and push out malicious software updates to the device. This allowed him to “eavesdrop on a caller, make purchases through mobile payment systems and even impersonate the phone’s owner.” He could “send premium text messages, collect location data, make premium calls or re-route calls,” reported Forbes. “A malicious hacker could eavesdrop on calls, albeit with the SIM owner probably noticing some suspiciously-slow connections.”
He told The New York Times that “in three-quarters of messages sent to mobile phones using DES encryption, the handset recognized the false signature and ended communication.” Only about a quarter sent the error code with its encrypted digital signature, but that’s also equal to about 750 million vulnerable phones.
It’s a double whammy; he found a way to exploit a flaw in DES as well as another way to exploit the Java software in the SIM. “Through over-the-air (OTA) updates deployed via SMS, the cards are even extensible through custom Java software,” Nohl wrote on his company’s blog. “While this extensibility is rarely used so far, its existence already poses a critical hacking risk.”
Nohl explained the second bug to Forbes as “unrelated to the weak encryption key,” but that “it allows even deeper hacking on SIMs” thanks to “a mistake on the part of SIM card manufacturers.”
Java Card uses a concept called sandboxing, in which pre-installed programs like a Visa or PayPal app are shielded from one another and the rest of the SIM card. The term comes from the idea of only allowing programs to “play with their own toys, in their own sandbox,” says Nohl. “This sandboxing mechanism is broken in the most widely-used SIM cards.” The researcher says he found a few instances where the protocols on the SIM card allowed the virus he had sent to a SIM, to check the files of a payment app that was also installed on the card.
Nohl believes badly-configured Java Card sandboxing “affects every operator who uses cards from two main vendors,” including carriers like AT&T and Verizon who use robust encryption standards. Are SIM cards with these 3DES standards vulnerable? Nohl suggests they might be, and that he’ll expound on the details at Black Hat.