SIM Card Flaw Could Wreak Havoc on Millions of Phones
No one knows how many mobile phones are currently in use with SIM cards whose over-the-air update keys still rely on single DES, but the number could reach into the hundreds of millions, and many of those phones could be hijacked by an attacker who recovers that key. Hackers could access not only personal identification data, but also payment information stored on the cards. Most of the vulnerable devices are probably outside the U.S.
07/22/13 3:07 PM PT
About 25 percent of mobile phones currently in use may be vulnerable because their SIM cards still protect over-the-air updates with the 1970s-era Data Encryption Standard (DES), according to Security Research Labs.
Out of 1,000 SIM cards it tested over two years, 250 used single DES instead of stronger options such as triple DES (3DES) or the Advanced Encryption Standard (AES), the lab said.
About 7 billion SIM cards are used worldwide, Survey Research estimated, so as many as 1.75 billion of them could conceivably be employing DES security, putting owners of phones with those SIM cards at risk.
However, "leading cards typically employ 3DES and AES, and, in some instances, PKI, as used in our e-passports," John Devlin, a practice director at ABI Research, told TechNewsWorld.
"As well as meeting the requirements of groups representing the major payment card brands and high value multimedia content, some are also being tested to house government ID cards, and all require the highest levels of security for SIM cards and devices," Devlin noted.
Users in the United States should be safe because "most SIMs that use DES are 10 years or more old," remarked Carl Howe, a research director at the Yankee Group. "Since that time -- in the U.S. at least -- all the major carriers have changed over to triple DES."
Security Research's Findings
DES's 56-bit keys can be recovered by brute force within days on field-programmable gate array (FPGA) clusters -- or far faster with precomputed rainbow tables, Security Research said.
Over-the-air (OTA) updates are the entry point. These are not the operating system or app updates that mobile OS developers and app vendors push; they are the binary SMS commands that carriers use to remotely provision and update the SIM card itself, and each command must carry a cryptographic signature computed under a key stored on the card.
An attacker obtains a SIM's DES OTA key by sending the target a binary SMS carrying an OTA command that is not correctly signed. The SIM does not execute the improperly signed command, but many cards respond with an SMS containing an error code that is itself signed with the card's DES key. Because the content of that error response is predictable, the attacker now holds a known-plaintext/signature pair, and the 56-bit key behind it can be looked up in a rainbow table in about two minutes, according to Security Research.
The attacker could then send a properly signed binary SMS instructing the SIM to download Java applets. SIMs expose predefined functions to such applets, including sending SMS, changing the voicemail number and querying the phone's location.
Applets are supposed to be confined by the Java sandbox to a predefined set of interfaces, but Security Research found that the sandbox implementations of at least two major SIM card vendors were insecure and let a Java applet access the rest of the card. That could let hackers clone millions of SIM cards, including the mobile identities and payment credentials stored on them.
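The key-recovery and forgery steps above can be modelled end to end. The program below is an added example written for this article, not code from Security Research Labs or from any SIM vendor. It uses Go's standard-library single DES and makes several simplifying assumptions: the OTA packet is reduced to a body plus an 8-byte checksum, the checksum is a DES CBC-MAC with zero IV (a stand-in for the GSM 03.48 cryptographic checksum, not a byte-exact implementation of it), the card's reply body is a status byte plus an echo of the command header, and the card's key is chosen so that the brute-force search only has to cover 2^16 candidates rather than the full 2^56 that an FPGA cluster or rainbow table covers in practice. The 56-bit-to-64-bit key expansion with odd parity, however, is the real DES key format.

```go
package main

import (
	"bytes"
	"crypto/des"
	"fmt"
	"math/bits"
)

// otaPacket is a simplified OTA packet (constructed layout): a body plus the
// 8-byte DES checksum that must be computed under the card's OTA key.
type otaPacket struct {
	Body []byte
	MAC  []byte
}

// expandKey turns a 56-bit key into the 64-bit DES key format: seven key bits
// per byte in bits 7..1 and an odd-parity bit in bit 0. A brute-force or
// rainbow-table search enumerates exactly this 56-bit value.
func expandKey(k56 uint64) []byte {
	key := make([]byte, 8)
	for i := 7; i >= 0; i-- {
		b := byte(k56&0x7f) << 1
		if bits.OnesCount8(b)%2 == 0 {
			b |= 1 // make the byte's parity odd
		}
		key[i] = b
		k56 >>= 7
	}
	return key
}

// desCBCMAC is a single-DES CBC-MAC with zero IV and zero padding. It stands in
// for the DES cryptographic checksum on OTA messages (assumption, see lead-in).
func desCBCMAC(key, msg []byte) []byte {
	block, err := des.NewCipher(key)
	if err != nil {
		panic(err) // only fails when the key is not 8 bytes
	}
	padded := append([]byte{}, msg...)
	for len(padded)%8 != 0 {
		padded = append(padded, 0)
	}
	mac := make([]byte, 8)
	buf := make([]byte, 8)
	for i := 0; i < len(padded); i += 8 {
		for j := 0; j < 8; j++ {
			buf[j] = mac[j] ^ padded[i+j]
		}
		block.Encrypt(mac, buf)
	}
	return mac
}

// cardHandle models the vulnerable card: a command with a bad checksum is
// refused, but the card still answers with a signed error report whose body
// (status byte plus echoed command header) is predictable, so the attacker
// obtains a plaintext/checksum pair under the card's key.
func cardHandle(cardKey []byte, cmd otaPacket) (accepted bool, reply otaPacket) {
	accepted = bytes.Equal(cmd.MAC, desCBCMAC(cardKey, cmd.Body))
	status := byte(0x01) // constructed value meaning "checksum wrong"
	if accepted {
		status = 0x00
	}
	hdr := cmd.Body
	if len(hdr) > 2 {
		hdr = hdr[:2]
	}
	body := append([]byte{status}, hdr...)
	return accepted, otaPacket{Body: body, MAC: desCBCMAC(cardKey, body)}
}

// recoverKey is the attacker's step: find the key whose checksum over the known
// reply body matches. searchBits caps the search at the low bits of the 56-bit
// key so the demo finishes quickly; a real attack covers all 2^56.
func recoverKey(body, mac []byte, searchBits uint) (uint64, bool) {
	for k := uint64(0); k < uint64(1)<<searchBits; k++ {
		if bytes.Equal(desCBCMAC(expandKey(k), body), mac) {
			return k, true
		}
	}
	return 0, false
}

// demo runs the exchange: unsigned probe, signed error reply, key recovery,
// then a forged command that the card accepts.
func demo() (recovered uint64, probeAccepted, forgedAccepted bool) {
	const secretK56 = uint64(0xBEEF) // inside the 16-bit demo window (assumption)
	cardKey := expandKey(secretK56)

	// 1. Binary SMS carrying an OTA command the attacker cannot sign (zero checksum).
	probe := otaPacket{Body: []byte{0x00, 0x01, 0xA0, 0xE2}, MAC: make([]byte, 8)}
	probeAccepted, reply := cardHandle(cardKey, probe)

	// 2. The rejected command still yields a signed error reply: known plaintext + checksum.
	k, ok := recoverKey(reply.Body, reply.MAC, 16)
	if !ok {
		return 0, probeAccepted, false
	}

	// 3. Sign an attacker-chosen command with the recovered key; the card accepts it.
	forged := otaPacket{Body: []byte{0x00, 0x02, 0xD0, 0x10}}
	forged.MAC = desCBCMAC(expandKey(k), forged.Body)
	forgedAccepted, _ = cardHandle(cardKey, forged)
	return k, probeAccepted, forgedAccepted
}

func main() {
	k, probe, forged := demo()
	fmt.Printf("probe accepted: %v, recovered key: %#x, forged accepted: %v\n", probe, k, forged)
}
```

The search loop is the whole story of the flaw: once the reply hands over a plaintext/checksum pair, nothing about the protocol limits how many keys the attacker may try offline, so the only protection is the key size, and 56 bits is within reach. The same loop against a card using 3DES (`des.NewTripleDESCipher` with a 24-byte key) would have to cover an effective 112-bit space, which is why the vendor quotes in this article treat 3DES and AES cards as unaffected.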
Security Research founder Karsten Nohl will present his firm's findings at the Black Hat conference to be held in Las Vegas at the end of this month.
Security Research did not respond to our request for further details.
It's All Right, Ma
"I doubt anyone really knows how many SIMs are still left running single-DES algorithms," the Yankee Group's Howe told TechNewsWorld. "Most of them are probably in landfills or in desk drawers in obsolete phones. Twenty-five percent of existing phones sounds optimistic for me."
It's likely that only 10 percent of the SIM cards deployed actually use the old DES algorithm, ABI's Devlin suggested. They are likely to be found "in the very low-end devices, typically in emerging markets, so any vulnerabilities will be limited to the level just above those."
This "limits the level of threat, as this group would not typically have high-value data or financial transactions which fraudsters or criminals would target," he pointed out.
While the flaw might have affected millions of older phones, "this might be a windfall for mobile phone manufacturers," said Howe, "who can now offer to replace your older, less-secure phone with a nice new modern one without the security flaw."