Hijacking SIM Cards through Over-the-Air Updates

We all know that mobile phones have been the focus of cybercriminals for a while now. But Trojanized mobile applications are only one attack scenario. Some problems lie even deeper in your phone. Karsten Nohl, a German researcher who has done a lot of work with GSM networks and mobile phones in the past, has found a critical vulnerability connected to mobile phones.

The target of the attack is the SIM card (Subscriber Identification Module) which is present in all mobile phones. This smart card is responsible for the unique identification number known as the IMSI (International Mobile Subscriber Identity) and also for handling the encryption when communicating with the telephone network. Nohl discovered that many SIM cards, instead of using AES or at least 3DES, still use the DES encryption standard which is known to be weak and easily breakable with today’s hardware.

simcards_cw.png

Figure 1. SIM cards

An attacker can send a cleverly crafted silent binary SMS update message over-the-air (OTA) to the mobile phone, even without knowing the private signing key. The device will reject the unsigned message, but it will also answer with an error code signed with the 56-bit DES private key. This allows the attacker to crack the private key through a brute-force attack. During tests, Nohl was able to break the key in a few minutes using rainbow tables.

Once the key is known, an attacker can go ahead and sign malicious software updates, which are essentially mini Java applets, and send them through OTA updates to the mobile phone. Since the signature matches, the applets will run on the device. Such malicious applets can silently send premium text messages which will generate profit for the attacker or reveal the geo-location of the device.

This alone would be bad enough, but unfortunately some SIM card providers have additional vulnerabilities in their Java implementation, which results in malicious Java applets being able to break out of the sandbox. Hence the applet can read out information from other applets or even extract the master key which is used to derive the encryption keys for voice and data communication. With more and more functions, like mobile payment systems, now relying on the SIM card it makes this vulnerability all the more worrying as it has the potential for a lot of abuse.

Nohl estimates that millions of devices worldwide are susceptible to this attack. Telecommunication providers have been informed and some have already started to filter such OTA messages from the network. Users can check with their provider to see if their SIM card is vulnerable to this attack and, if necessary, upgrade to a newer card which is not vulnerable. Security Research Labs will reveal more details about the vulnerability during upcoming security conferences from which we will be reporting live.