Smart phones susceptible to 'massive SIM security flaw'

More than 7 billion SIM cards are in use worldwide
Smartphones are increasingly becoming the target of hacking attempts, as people store more and more data on their devices, but there is one part of the phone that was always thought to be un-hackable – the SIM card.
Now Karsten Nohl, a German cryptographer with Security Research Labs, claims to have found an encryption flaw that could potentially affect millions of SIM cards, and open up a new route for surveillance and fraud.
By exploiting this vulnerability, Nohl claims that hackers are able to trick smartphones into granting access to the device's location and SMS functions, and allow changes to a person's voicemail number – all of which provide plenty of potential for abuse.
SIM cards have traditionally been used to protect the mobile identity of subscribers and associate devices with phone numbers, but the rise of mobile wallet applications, which allow people to pay for goods using their mobile phones, means that payment credentials are also increasingly stored on the SIM card.
Nohl explained in a blog post that many SIM cards still use a weak encryption standard dating from the 1970s called DES (Data Encryption Standard), which is relatively easy for a hacker to crack.
In its experiment, Security Research Labs sent a text message containing a request for data to a device using a SIM with DES. The device rejected the request, because it was not properly "signed", but sent back an error code carrying its own encrypted 56-bit private key.
Using a 'rainbow table' – a mathematical chart that helps convert an encrypted private key or password hash into its original form – Security Research Labs was able to decipher the encrypted private key in about two minutes, according to the company.
It was then able to use this key to sign malicious software updates and send them to the smartphone. The device was fooled into thinking the software came from a legitimate source and so granted access to sensitive data.
Of the 1,000 SIM cards tested, just under a quarter could be hacked, Nohl told Forbes. Given that encryption standards vary widely between countries, he estimates an eighth of the world’s SIM cards could be vulnerable. However, there is no obvious pattern to the flaw beyond the presence of an older encryption standard.
Possible solutions to the problem include ensuring SIM cards use state-of-the-art cryptography with sufficiently long keys, installing an SMS firewall on the device, and using in-network SMS filtering, which prevents text messages from unknown sources from getting through.
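A sketch of the in-network SMS filtering idea mentioned above, added here as an illustration and not taken from Security Research Labs or any operator's product. It assumes SIM-directed messages are recognised by the TP-PID and TP-DCS fields defined in 3GPP TS 23.040, a detail the article does not give; the allowlist address and the sample messages are constructed.

```python
# Added illustration: allowlist rule for SIM-directed SMS (field layout per 3GPP TS 23.040).
OTA_ALLOWLIST = {"15550100"}   # hypothetical operator OTA platform address (assumption)
SIM_DATA_DOWNLOAD_PID = 0x7F   # TP-PID value "(U)SIM Data download"

# Constructed SMS-DELIVER TPDUs (no SMSC prefix); payload bytes are placeholders.
SAMPLE_TEXT = "0408915155109900003170132100000002E834"
SAMPLE_OTA_UNKNOWN = "040891515510997FF6317013210000000400000000"
SAMPLE_OTA_TRUSTED = "040891515510007FF6317013210000000400000000"

def decode_address(digit_count, raw):
    """Decode the swapped-nibble BCD digits of a TP-Originating-Address."""
    digits = "".join(f"{b & 0x0F:x}{b >> 4:x}" for b in raw)
    return digits[:digit_count]          # drops the 0xF filler on odd lengths

def parse_deliver(pdu_hex):
    """Extract sender, TP-PID and TP-DCS from an SMS-DELIVER TPDU."""
    pdu = bytes.fromhex(pdu_hex)         # raises ValueError on bad hex
    if len(pdu) < 4 or pdu[0] & 0x03 != 0x00:
        raise ValueError("not an SMS-DELIVER TPDU")
    digit_count = pdu[1]
    end = 3 + (digit_count + 1) // 2     # length octet, type octet, packed digits
    if len(pdu) < end + 2:
        raise ValueError("truncated TPDU")
    sender = decode_address(digit_count, pdu[3:end])
    return {"sender": sender, "pid": pdu[end], "dcs": pdu[end + 1]}

def is_sim_class(dcs):
    """True when TP-DCS marks the message as class 2 (SIM-specific)."""
    if dcs >> 4 == 0x0F:                 # "data coding / message class" group
        return dcs & 0x03 == 0x02
    if dcs >> 6 in (0, 1):               # general groups: class valid if bit 4 set
        return bool(dcs & 0x10) and dcs & 0x03 == 0x02
    return False

def verdict(pdu_hex):
    """Return 'deliver' or 'block' for one inbound message."""
    try:
        msg = parse_deliver(pdu_hex)
    except ValueError:
        return "block"                   # fail closed on anything unparseable
    sim_directed = msg["pid"] == SIM_DATA_DOWNLOAD_PID or is_sim_class(msg["dcs"])
    if sim_directed and msg["sender"] not in OTA_ALLOWLIST:
        return "block"                   # SIM-directed message from unknown source
    return "deliver"

if __name__ == "__main__":
    for name in ("SAMPLE_TEXT", "SAMPLE_OTA_UNKNOWN", "SAMPLE_OTA_TRUSTED"):
        print(name, verdict(globals()[name]))
```

Ordinary text messages pass regardless of sender; only messages addressed to the SIM itself are held to the allowlist.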
Nohl will present his research, "Rooting SIM cards," at the Black Hat security conference in Las Vegas on 31 July 2013.