Pat Pilcher: SIM cards cracked

Herald online

25 Jul, 2013 10:20 PM3 mins to read

IT security experts have uncovered two security vulnerabilities on SIM cards. Photo / Thinkstock

They may be the beating heart inside your mobile phone, but security experts have uncovered two security vulnerabilities on SIM cards could see calls being intercepted, unauthorised purchases made and even identity theft happening.

Discovered by Karsten Nohl, the first vulnerability is based on the use of an old encryption standard in some SIM cards that could allow hackers to remotely place malicious code onto a SIM card that'll send premium text messages (which would quickly get very expensive); record calls, and allows cyber-crims to commit identity fraud.

According to Nohl, an estimated eighth of the world's SIM cards could be vulnerable - this translates into a massive number of phones at risk.

The sheer scale of Nohl's estimate is boggling. Consider this - 24 months ago there were an estimated 1 billion SIM cards in use, today the number is has swelled to over just over 5 billion. Multiply that by the increasingly central role smartphones play in our daily lives, (e.g. making calls, acting as a digital wallet, providing internet access), and the scope for mayhem is massive.

Nohl's discovery revolves around the encryption key used to lock down SIM cards. Some SIM cards use an older form of encryption that can be broken. SIM cards using an updated form of the encryption are however less vulnerable.

If operators need to re-programme your SIM card to add roaming or other capabilities, the re-programming is done remotely via an SMS in what is called over-the-air programming. Accessing the SIM requires the telco knows its encryption key, and this was precisely what Nohl was able to do. In theory if Nohl was able to achieve this, then cyber-crims should also be able to do so, albeit for more nefarious purposes.

Fortunately Kiwi telcos are aware of the issue.

Telecom New Zealand spokesperson, Vicky Gray says "We are aware of this issue. Telecom takes our customers' security extremely seriously as we do with all issues of this nature and we are working with our partners and suppliers to investigate the relevance - if any - for Telecom customers." Likewise Vodafone also stated they are aware of the issue and are also taking it seriously.

In isolation the encryption flaw uncovered by Nohl may be concerning, but things get even more interesting thanks to a second vulnerability also uncovered by Nohl.

Bizarrely this second flaw isn't related to the encryption key vulnerability, but allows hackers to exploit how a SIM card manages code to gain an unprecedented amount of control over the phone. The hack works because a hacker could give the SIM card a command it isn't able to execute which could ultimately result in malicious code gaining full access to all the SIM cards resources.

As alarming as both vulnerabilities sound, the good news is that it should take cyber-crims some time to develop exploits to take advantage of these flaws. By then it is hoped that mobile providers will have the vulnerability fixed.