A German security researcher has discovered a massive vulnerability—one of the first of its kind—in the encryption used by some mobile SIM cards that could potentially allow hackers to remotely take control of their host handsets.
According to a report by The New York Times, the flaw relates to cards using DES (Data Encryption Standard)—an older standard that’s being phased out by a number of manufacturers, but is still used by hundreds of millions of SIMs…
The Times’ Kevin O’Brien has the scoop:
“Karsten Nohl, founder of Security Research Labs in Berlin, said the encryption hole allowed outsiders to obtain a SIM card’s digital key, a 56-digit sequence that opens the chip up to modification. With that key in hand, Mr. Nohl said, he was able to send a virus to the SIM card through a text message, which let him eavesdrop on a caller, make purchases through mobile payment systems and even impersonate the phone’s owner.”
The report goes on to say that Nohl can complete the entire operation in about two minutes, using an ordinary personal computer. He estimates that as many as 750 million phones may contain SIM cards that are vulnerable to the attack.
“We can remotely install software on a handset that operates completely independently from your phone,” Mr. Nohl said. “We can spy on you. We know your encryption keys for calls. We can read your S.M.S.’s. More than just spying, we can steal data from the SIM card, your mobile identity, and charge to your account.”
Nohl has tested his method on around 1,000 cards across North America and Europe. He says DES is used in around three billion mobile SIMs worldwide, of which about 25% are susceptible to his attack. Most carriers, however, now issue SIMs that use AES.
The flaw has been disclosed to the GSMA, a panel of mobile operators that oversees the deployment of GSM networks, which has alerted SIM makers and the other companies involved. Nohl plans to detail the exploit at Black Hat next month.