SIM card bug targets ‘millions of phones’ with simple hack

SIM card

Identity theft, a pervasive enemy that has advanced from analogue to digital methods (and is especially spiteful in South Africa), has now become even easier, and the weak point may be you. If your SIM card is older than three years, you may be leaving yourself open to a villainous reverse-engineering method that could give hackers total control of your phone.

The New York Times reports on Karsten Nohl, a Berlin-based security expert who has discovered a serious flaw in millions of SIM cards: innocent-looking carrier messages (“you have US$10 talk time remaining, please text ‘1’ for more information”) can be used to mask a Trojan Horse virus. With the virus in place, a hacker can not only scrape credit card details from you, but even go as far as to become you. Well, the iPhone-owning you.

Here’s how the virus works: Nohl sends a phony SMS to a mobile phone and, if the user interacts with the “carrier message”, Nohl can then grab the digital key of the SIM. Our devices rely on this digital fingerprint to identify genuine carrier messages, so once the key is known a fake signature can be swapped for the genuine one. Nohl emphasises that “Different shipments of SIM cards either have it or not, it’s very random.” Random or not, it’s a very real threat.

Nohl explains that the hack takes under two minutes and that as many as 750-million phones with older SIM cards are affected by the vulnerability. “We can remotely install software on a handset that operates completely independently from your phone. We can spy on you. We know your encryption keys for calls. We can read your S.M.S.’s. More than just spying, we can steal data from the SIM card, your mobile identity, and charge to your account.”

DES explained

To understand your foe, you need to know what you’re up against, and in this case it’s an acronym: DES, or the Data Encryption Standard, was created in 1977 by IBM to secure electronic data. Its 56-bit key supposedly protected our SIM data, but by 1999 that key size was seen as “too small” and DES was all but phased out. DES’ successor, the Advanced Encryption Standard (AES), is the current 256-bit encryption method widely used today. But AES is not the favoured method for most SIM vendors, and DES is still prevalent in 3-billion mobile phones. Most SIM vendors, instead of swapping to AES, have opted for the “triple DES” encryption method. But this still leaves an estimated 750-million phones in danger.

Nohl says that after a stringent two-year testing period of 1000 SIM cards from various vendors (he refuses to say which vendors have the DES SIMs in rotation), a full quarter of all tested phones were vulnerable to his two-minute virus. He reported his findings to the GSM Association and will reveal them at the Black Hat conference in Las Vegas in August. The GSM Association doesn’t seem fazed by Nohl’s findings, saying that only a small percentage of phones “could be vulnerable.”

Better safe than sorry, though: rather than testing your card’s encryption level with a SIM reader, simply swap it out if it’s three years old.

Steven Norris: grumpy curmudgeon
