Nohl and his team tested close to a thousand SIM cards for vulnerabilities that can be exploited by sending a hidden SMS. SIMs are thought to be one of the most secure parts of a phone. With over seven billion cards in active use, he said, SIM cards are the de facto trust anchor of mobile devices worldwide. The cards are designed to protect subscribers' mobile identity, associate devices with phone numbers, and may store payment credentials.
Nohl's research covered the different encryption systems used to secure SIM cards (SIM stands for Subscriber Identity Module), and identified one standard in particular, DES (Data Encryption Standard), as the weak point. DES dates back to the 1970s and has long been considered insecure; Nohl's method allows a card's DES encryption to be cracked "within two minutes on a standard computer".
By sending a text message carrying specially crafted binary data, Nohl was able to trick phones into accepting him as their network provider, then crack the card's encryption key and load a virus onto the SIM card. If a criminal did the same, what is the worst that could happen? An attacker could take control of the phone, running up the victim's bills (and credit headaches) with sent messages and payment-system fraud. Nohl will reveal more details of his "Rooting SIM Cards" research at the Black Hat conference later this month, and will also speak on "SIM card exploitation" at the OHM (Observe, Hack, Make) hacker camp, an international technology and security conference in the Netherlands, on August 3.
Karsten Nohl, who holds a Ph.D. from the University of Virginia, breaks into secure systems by exploiting their vulnerabilities and then presents his findings to the companies concerned, hoping they fix the issues before criminals find them. The UN's International Telecommunication Union called the evidence "significant" and is to send an alert to all mobile phone operators warning of what was revealed, RT News reported. The other thing to worry about, Nohl warns, is surveillance, "because the SIM cards do encrypt all the voice communications originating from a phone as well as data communication. All of this can be intercepted and decoded by a well-equipped surveillance team."
Karsten Nohl is the same researcher Forbes' Andy Greenberg interviewed in December 2011 about GPRS (General Packet Radio Service), when Nohl argued that phone encryption was made to be broken. Whether intentionally or unintentionally, he said, GPRS included flaws that its designers must have known about. "These findings aren't only meant to demonstrate that Nohl is an uber-skilled codebreaker," wrote Andy Greenberg.
They didn't intend to create a perfect cipher. One GSM encryption standard, A5/1, was designed for Western Europe, to protect the GSM maker's citizens, and one, A5/2, was for export to other countries, and that one was officially, intentionally weakened. They differ only in one little cryptographic fact. This one feature makes one more secure, and the other weak.
That feature is called irregular clocking. It was invented around the time A5/1 was invented, and was purposefully taken out in A5/2.
GSM became not just the standard for Western Europe but for the rest of the world. I’m not sure if it was designed to last 20 years, but it has become the most successful communication standard, even though it was designed in secrecy and focused on preventing the threat of Russians getting their hands on good crypto.
— Karsten Nohl
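To make the "irregular clocking" Nohl refers to concrete, the following is an added example, not code from the article or from Nohl's research: a Python implementation of the A5/1 keystream generator. The register lengths (19, 22, 23 bits), clocking-bit positions (8, 10, 10) and feedback taps follow the published A5/1 description, and the known-answer vector is the one shipped with the Briceno/Goldberg/Wagner reference implementation. The `clock_regular` method, which advances all three registers unconditionally, is included only to show what the majority rule changes on a hand-chosen state; A5/2 is a different cipher that drives its clocking from a fourth register, so this is not an A5/2 implementation.

```python
"""A5/1 keystream generator with the majority ("irregular") clocking rule.

Register parameters follow the published A5/1 description. The key-loading
order, burst packing and the known-answer vector follow the
Briceno/Goldberg/Wagner reference implementation (a51.c, 1999).
"""

# (length, clocking-bit position, feedback taps) for the three LFSRs.
# Bit 0 is the input end; the output bit is the register's top bit.
REGS = (
    (19, 8, (13, 16, 17, 18)),
    (22, 10, (20, 21)),
    (23, 10, (7, 20, 21, 22)),
)

# Known-answer vector from the reference implementation: key bytes, frame
# number, and the two 114-bit bursts (A-to-B, then B-to-A) packed MSB-first.
KAT_KEY = bytes([0x12, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF])
KAT_FRAME = 0x134
KAT_A_TO_B = bytes.fromhex("534EAA582FE8151AB6E1855A728C00")
KAT_B_TO_A = bytes.fromhex("24FD35A35D5FB6526D32F906DF1AC0")


def majority(a: int, b: int, c: int) -> int:
    """Majority of three bits: 1 when at least two of them are 1."""
    return 1 if a + b + c >= 2 else 0


class A51:
    def __init__(self) -> None:
        self.r = [0, 0, 0]  # register contents

    @staticmethod
    def _step(reg: int, length: int, taps) -> int:
        """Shift one register by one position, feeding the XOR of its taps
        (computed on the pre-shift state) into bit 0."""
        fb = 0
        for t in taps:
            fb ^= (reg >> t) & 1
        return ((reg << 1) | fb) & ((1 << length) - 1)

    def clock_regular(self) -> None:
        """Advance all three registers unconditionally (used during key loading)."""
        for i, (n, _, taps) in enumerate(REGS):
            self.r[i] = self._step(self.r[i], n, taps)

    def clock_irregular(self) -> None:
        """Majority (stop/go) clocking: a register advances only when its
        clocking bit agrees with the majority of the three clocking bits."""
        bits = [(self.r[i] >> REGS[i][1]) & 1 for i in range(3)]
        maj = majority(*bits)
        for i, (n, _, taps) in enumerate(REGS):
            if bits[i] == maj:
                self.r[i] = self._step(self.r[i], n, taps)

    def output_bit(self) -> int:
        """Keystream bit: XOR of the top bit of each register."""
        out = 0
        for i, (n, _, _) in enumerate(REGS):
            out ^= (self.r[i] >> (n - 1)) & 1
        return out

    def key_setup(self, key: bytes, frame: int) -> None:
        """Load the 64-bit key and 22-bit frame number (LSB first) with regular
        clocking, then discard 100 irregularly clocked steps."""
        self.r = [0, 0, 0]
        for i in range(64):
            self.clock_regular()
            kb = (key[i // 8] >> (i % 8)) & 1
            self.r = [x ^ kb for x in self.r]
        for i in range(22):
            self.clock_regular()
            fb = (frame >> i) & 1
            self.r = [x ^ fb for x in self.r]
        for _ in range(100):
            self.clock_irregular()

    def _burst(self) -> bytes:
        """Produce one 114-bit burst, packed MSB-first into 15 bytes."""
        out = bytearray(15)
        for i in range(114):
            self.clock_irregular()
            out[i // 8] |= self.output_bit() << (7 - i % 8)
        return bytes(out)

    def keystream(self, key: bytes, frame: int):
        """Return the (A-to-B, B-to-A) keystream bursts for one frame."""
        self.key_setup(key, frame)
        return self._burst(), self._burst()


def stop_go_demo():
    """Hand-chosen state: only R1's clocking bit (bit 8) is set, so the
    majority is 0 and R1 is held back while R2 and R3 advance. The same
    state under regular clocking advances R1 to bit 9."""
    irregular = A51()
    irregular.r = [1 << 8, 0, 0]
    irregular.clock_irregular()
    regular = A51()
    regular.r = [1 << 8, 0, 0]
    regular.clock_regular()
    return irregular.r, regular.r


def matches_reference_vector() -> bool:
    """True when the generator reproduces the reference known-answer vector."""
    a_to_b, b_to_a = A51().keystream(KAT_KEY, KAT_FRAME)
    return a_to_b == KAT_A_TO_B and b_to_a == KAT_B_TO_A


if __name__ == "__main__":
    print("stop/go vs regular:", stop_go_demo())
    print("reference vector matches:", matches_reference_vector())
```

The stop/go rule is what makes each register's position after N steps depend on the other two registers' contents, which is the property Nohl describes as the difference between the two ciphers; holding all three registers to a fixed schedule (as `clock_regular` does) turns the generator into a plain linear combination of three LFSRs.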
In his study, Nohl says just under a quarter of the SIM cards he tested could be hacked; because encryption standards vary widely between countries, he estimates that an eighth of the world's SIM cards could be vulnerable, or about half a billion mobile devices. Payment fraud could be a particular problem for mobile phone users in Africa, where SIM-card-based payments are widespread. Ten years ago there were 1 billion SIM cards worldwide, and today there are more than 5 billion, ABI Research analyst John Devlin told Forbes.