Berlin-based Security Research Labs flipped the mobile security market upside-down recently when they published reports about just how vulnerable SIM cards are to cyber attacks.
Karsten Nohl, founder of Security Research Labs, said his company had been working to crack SIM cards for three years and they finally found a way to do it – most notably without raising alarms.
“We have a way of breaking SIM cards remotely,” Nohl told SC, “without any evidence [and with] no way of preventing it or even noticing it.”
An attacker who takes advantage of the vulnerability, Nohl said, will be able to download software onto the victim's SIM card, locate the phone, send texts and make phone calls to any phone number – including pricey premium numbers – and ultimately operate the device as the normal owner would.
Anything else stored on the SIM, such as credit card information, is also accessible, said Nohl, adding that some finance groups are looking to move transaction payments to phones, which could create additional problems because that information would be stored on the SIM.
What opens up this kind of vulnerability in hundreds of millions of mobile phones worldwide, out of nearly seven billion SIM cards in existence, is mobile carriers' continued use of the antiquated Data Encryption Standard (DES) to protect over-the-air (OTA) Short Message Service (SMS) transmissions.
Network operators use OTA SMS transmissions for things such as delivering updates directly to the SIM card and Nohl said an attacker can do something similar by playing a game of send-and-receive with binary SMS messages.
The SIM card hacker will eventually derive a signature that can be used to upload small applications – known as applets – to the device, and it is through these applets that the attacker has free rein to take advantage of the device.
“Fortunately we haven't seen any abuse yet,” said Nohl, adding that Security Research Labs released their findings to mobile carriers several months before releasing the report to the public, “but I project it will take criminals six months to recreate results.”
Nohl said major carriers have responded to the research, and that updated SIM cards – ones using Triple Data Encryption Standard or the more secure Advanced Encryption Standard in place of DES – and the use of SMS firewalls are among the options that will make SIM cards less vulnerable.
Nohl said he will be discussing his findings in greater detail at the upcoming Black Hat conference later this month.