November 23, 2024
Sim Card Hack Exposes Millions of Phones Worldwide

Sim Card Hack Exposes Millions of Phones Worldwide

Posted July 22, 2013 at 2:53pm by iClarified
Spanish
A flaw in encryption technology used in some SIM cards could leave millions of phones exposed to spying according to Karsten Nohl.

The vulnerability allows attackers to send a spoof text message to the device which in return reveals the 56-bit data encryption standard key (DES). With this key, the attacker could install malicious software on the device and have the ability to listen in on your phone calls, access/send text messages and much more in just 2 minutes.

About half of the SIM cards today still rely on the older DES encryption rather than a more secure triple-DES encryption. However, Nohl was able to access around 25% of SIM cards in his testing. He estimates that 750 million phones could be affected by this vulnerability.


Give me any phone number and there is some chance I will, a few minutes later, be able to remotely control this SIM card and even make a copy of it

Nohl described the attack in much more detail as well.

In early 2011, Nohl’s team started toying with the OTA protocol and noticed that when they used it to send commands to several SIM cards, some would refuse the command due to an incorrect cryptographic signature, while a few of those would also put a cryptographic signature on this error message.

With that signature and using a well known cryptographic method called rainbow tables, Nohl was able to crack the encryption key on the SIM card in about one minute. Carriers use this key to remotely program a SIM, and it is unique to each card.


“Anybody who learns the key of a particular SIM can load any application on the SIM he wants, including malicious code,” says Jasper Van Woudenberg, CTO North America of smart-card security firm Riscure.

“We had almost given up on the idea of breaking the most widely deployed use of standard cryptography,” says Nohl, but it felt “great” to finally gain control of a SIM after many months of unsuccessful testing.

With the all-important (and till-now elusive) encryption key, Nohl could download a virus onto the SIM card that could send premium text messages, collect location data, make premium calls or re-route calls. A malicious hacker could eavesdrop on calls, albeit with the SIM owner probably noticing some suspiciously-slow connections.

Nohl was also the security researcher who exposed GSM's weak encryption that allowed anyone with the right tools to listen in on cellphone calls. As a result of his work the systems used to encrypt GSM calls were strengthened. Nohl believes carriers must phase out SIMs using DES and implement better filter technology to block spoofed messages.

Read More via PCMag

Sim Card Hack Exposes Millions of Phones Worldwide
Add Comment
Would you like to be notified when someone replies or adds a new comment?
Yes (All Threads)
Yes (This Thread Only)
No
iClarified Icon
Notifications
Would you like to be notified when we post a new Apple news article or tutorial?
Yes
No
Comments (13)
You must login or register to add a comment...
Robert Billaud
Robert Billaud - July 23, 2013 at 2:07pm
And for the irony factor at the bottom of this discussion is an ad for Tile. "Stick a Tile to anything and track it with your iOS device." Anyone see a problem with that?
gamerscul9870
gamerscul9870 - July 23, 2013 at 3:39pm
find my iphone would find it.
gamerscul9870
gamerscul9870 - July 23, 2013 at 6:12am
Well then that's why we stay with out old phones and not pay for new ones everytime a new one comes out, just a thought.
gamerscul9870
gamerscul9870 - July 23, 2013 at 7:20am
our*
Whatamidoinghere
Whatamidoinghere - July 23, 2013 at 7:34am
Same :)
iH85CH001
iH85CH001 - July 22, 2013 at 9:27pm
Obama will love this.
El Compa
El Compa - July 22, 2013 at 8:46pm
Whenever you deal with binary numbers there will ALWAYS be a way to hack it. Nothing is a surety.
Whatamidoinghere
Whatamidoinghere - July 23, 2013 at 7:35am
True though.. Anything coded will eventually be hacked
Nicko
Nicko - July 23, 2013 at 1:59pm
If one was to access the binary of your identity online im sure that would make it possible to change your age, ID etc drink up boy ;)!!
Whatamidoinghere
Whatamidoinghere - July 22, 2013 at 7:02pm
which company SIM cards? Is this just in America?
Saul
Saul - July 22, 2013 at 4:59pm
Why are there so MANY HACKERS!?!?!?
Ajay
Ajay - July 23, 2013 at 7:09am
Because every talanted man does not have a job.
Besart
Besart - July 22, 2013 at 4:21pm
Great a lot of security breaches lately. I bet our fridge now will get hacked and hackers will have access to all of our food and drinks.
Recent. Read the latest Apple News.
RECENT
Tutorials. Help is here.
TUTORIALS
Where to Download macOS Sequoia
Where to Download macOS Ventura
AppleTV Firmware Download Locations
Where To Download iPad Firmware Files From
Where To Download iPhone Firmware Files From
Deals. Save on Apple devices and accessories.
DEALS