A researcher has uncovered a way to use vulnerabilities in the SIM (subscriber identity module) cards of millions of mobile phones to sign malicious updates and clone the SIM cards over-the-air.
A SIM card securely stores the international mobile subscriber identity and the related key used to identify and authenticate mobile phone users. In an upcoming presentation at the Black Hat conference in Las Vegas, Karsten Nohl – chief scientist at Security Research Labs – will expose implementation and configuration bugs in SIM cards that can be used to hijack mobile phones.
“Nohl discovered that many SIM cards, instead of using AES or at least 3DES, still use the DES encryption standard which is known to be weak and easily breakable with today’s hardware,” blogged Symantec security researcher Candid Wueest.
“An attacker can send a cleverly crafted silent binary SMS update message over-the-air (OTA) to the mobile phone, even without knowing the private signing key,” he blogged. “The device will reject the unsigned message, but it will also answer with an error code signed with the 56-bit DES private key. This allows the attacker to crack the private key through a brute-force attack. During tests, Nohl was able to break the key in a few minutes using rainbow tables.”
“Once the key is known, an attacker can go ahead and sign malicious software updates, which are essentially mini Java applets, and send them through OTA updates to the mobile phone,” Wueest continued. “Since the signature matches, the applets will run on the device. Such malicious applets can silently send premium text messages which will generate profit for the attacker or reveal the geo-location of the device.”
In a blog post, Security Research Labs posted information about the vulnerabilities. According to the company, the Java virtual machine should ensure that every Java applet only accesses the predefined interfaces. However, Java sandbox implementations of at least two major SIM card vendors are not secure and allow a Java applet can break out of the sandbox and access the rest of the card. In effect, this permits the remote cloning of millions of SIM cards.
According to Security Research Labs, the risk of these attacks can be mitigated by SIM cards implementing state-of-the-art cryptography, including sufficiently long keys and proper implementation of secure Java machines. In addition, each user should be allowed to decide which sources of binary SMS to trust and which ones not to via a SMS firewall on the phone. Finally, remote attackers delivering binary SMS to and from victim phones could be thwarted with in-network SMS filtering, the company argued.
Users can check with their provider to see if their SIM card is vulnerable to this attack and, if necessary, upgrade to a newer card that is not vulnerable, blogged Wueest.
“We all know that mobile phones have been the focus of cybercriminals for a while now,” he wrote. “But Trojanized mobile applications are only one attack scenario. Some problems lie even deeper in your phone.”
The Black Hat conference will be held from July 27 to Aug. 1.