Weak Encryption Enables SIM Card Root Attack

Las Vegas – In the last Black Hat briefing of the day Wednesday, German security researcher Karsten Nohl of Security Research Labs demonstrated a SIM card attack that exploited sloppy encryption and gave the researcher root access to a type of SIM card built into billions of mobile devices.

LAS VEGAS–Thanks to manufacturers employing old, weak encryption on SIM cards, researchers have found a way to root the cards and get access to billions of mobile devices.

German security researcher Karsten Nohl of Security Research Labs demonstrated the SIM card attack in his talk at the Black Hat USA 2013 conference here Wednesday. Nohl focused on the management interfaces that network operators use to deploy or reconfigure Java applets on the SIM cards, the ways in which these applets communicate with one another, and the access they are granted to the SIM card.

Nohl said that certain management protocols built into the SIM cards are designed to give service providers access to the devices after they’ve been sold to customers by allowing the cards to communicate with one another and with servers belonging to the service providers. The communications between the SIM cards and the service providers are basically text messages that aren’t displayed on the phone but are forwarded directly to the SIM card. Nearly every phone in the world, Nohl said, contains a SIM card with the capacity to send and receive these sorts of text messages without the user’s knowledge. In three years, Security Research Labs found just one phone that ignores over-the-air (OTA) communications entirely.

In order to secure these communications, the messages are either encrypted or protected by cryptographic signatures or both. These measures made little difference to Nohl, as he managed to crack the messages no matter what protection was used. The keys are largely based on the old DES algorithm. The OTA server and the SIM card use the same key – likely a decision made to conserve space on the SIM cards. Anyone who figures out the key can trick the SIM card into thinking that they are the network provider. The vast majority of SIM cards still use at least one DES key – most cards have multiple keys that are used for various purposes. Some manufacturers are upgrading to 3DES and fewer still are deploying AES, but these more secure keys are only on the most recently manufactured SIM cards, not the ones already in phones.

In a demonstration of the attack, Nohl showed that he could intercept the communications between the network providers and the SIM card and use a brute force attack to crack the DES key, but this method was too slow and too expensive. The better way to get root access to SIM cards, he found, involved delivering an incorrectly signed OTA update command to the SIM card. The error elicited a response from the card that contained the device’s cryptographic signature.

“So you send something wrong to the card,” Nohl reiterated, “and it responds by telling you that you did something wrong, but signs it with a DES key.”

Once Nohl received that cryptographic signature in an error message, he ran it through a rainbow table and reverse engineered the card’s 56-bit DES OTA key, which he then used to gain complete control of the SIM card.
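The weakness described above is that the card answers a badly signed, unauthenticated command with an error that is itself signed under the OTA key. The following added example (not from the article or from Nohl's research) models a card handler with that behaviour beside a variant that returns unsigned errors, plus an operator-side check that tells them apart. The message layout, all names, the sample key and the HMAC-SHA256 stand-in for the DES signature are assumptions.

```python
import hashlib
import hmac

MAC_LEN = 8  # constructed: 8-byte tag, the size of a DES block
KEY = bytes.fromhex("0123456789abcdef")  # constructed sample key, not a real OTA key
ERROR = b"ERR:BAD_SIGNATURE"  # constructed error text


def tag(key: bytes, data: bytes) -> bytes:
    """Stand-in signature: truncated HMAC-SHA256 (the cards in the article used DES)."""
    return hmac.new(key, data, hashlib.sha256).digest()[:MAC_LEN]


class Card:
    """Hypothetical model of a SIM card's OTA command handler."""

    def __init__(self, ota_key: bytes, sign_errors: bool):
        self.ota_key = ota_key
        self.sign_errors = sign_errors

    def handle_ota(self, message: bytes) -> bytes:
        body, received = message[:-MAC_LEN], message[-MAC_LEN:]
        valid = len(message) > MAC_LEN and hmac.compare_digest(
            tag(self.ota_key, body), received
        )
        if valid:
            return b"OK"
        if self.sign_errors:
            # Weak behaviour: a sender who proved nothing receives known text
            # plus a tag computed under the OTA key.
            return ERROR + tag(self.ota_key, ERROR)
        # Hardened behaviour: no key-derived bytes leave the card.
        return ERROR


def leaks_key_material(card: Card, key: bytes) -> bool:
    """Operator-side check: does a reply to an invalid command carry a valid tag?"""
    reply = card.handle_ota(b"UPDATE_APPLET" + bytes(MAC_LEN))  # all-zero tag is invalid
    if len(reply) <= MAC_LEN:
        return False
    text, reply_tag = reply[:-MAC_LEN], reply[-MAC_LEN:]
    return hmac.compare_digest(tag(key, text), reply_tag)


if __name__ == "__main__":
    print("signs errors:  ", leaks_key_material(Card(KEY, sign_errors=True), KEY))
    print("unsigned errors:", leaks_key_material(Card(KEY, sign_errors=False), KEY))
```

With a 56-bit key, every signed error the first variant returns is material for the offline key recovery the article describes; the second variant gives an unauthenticated sender nothing derived from the key.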

Once an attacker cracks the key, he can commit premium SMS fraud, circumvent caller-ID checks, manipulate voice-mails, redirect incoming calls and text messages, abuse USSD payments, track and phish users, install malware on their devices, or perform any other browser-based attack. With data access enabled, Nohl claims an attacker can clone SIM cards, decrypt 2G, 3G, and 4G traffic, clone NFC takers and future SIM applications, and alter the operating system to prevent future patching.

In a press conference ahead of his talk, Nohl suggested that some of the wireless carriers are quite simply making poor technological decisions in order to save money. A number of network operators have already resolved the underlying vulnerability that Nohl’s demonstration exploited. Other operators scoffed at or even refused to examine his research, claiming – for various reasons ranging from the use of encryption to a false belief that their cards did not communicate via OTA in the first place – that their SIM cards were not affected by Nohl’s work.

In most cases though, Nohl said that the network providers received and responded to his research in an incredibly positive fashion.

At least one provider, Nohl said, used the Java vulnerability that Nohl found and installed a Java applet on their own card. The provider then hacked into the card and rewrote parts of the operating system in order to upgrade the keys and communication protocols to use 3DES encryption. In other words, the provider used Nohl’s exploit to get root access so that they could fix their own SIM cards.

“How’s that for adopting hacker mind-set in the industry?” Nohl said.

 
