Rooting SIM Cards

SmartAboutThings writes "Smartphones are susceptible to malware and carriers have enabled NSA snooping, but the prevailing wisdom has it there's still one part of your mobile phone that remains safe and un-hackable: your SIM card. Yet after three years of research, German cryptographer Karsten Nohl claims to have finally found encryption and software flaws that could affect millions of SIM cards, and open up another route on mobile phones for surveillance and fraud."

Re:I'll tell you what helps too

[johanw]

Who cares? The providers have the encryption keys anyway, wether they are single DES or AES. So the government can get access too if they want them and do all kind of nasty tricks. Who else will use it? Some hacker who wants to call expensive paylines using your simcard doesn't buy $100,000 worth of equipment to pull it off only to gain $1000.

3 years of research?

[swillden]

I clicked the link expecting to find something interesting and novel, perhaps something on par with Kocher's Differential Power Analysis attack, or better. But this guy spent three years to discover that there are a small number of ancient SIMs, not yet removed from service, which use 1DES for securing applet loading? Actually, I'm sure he did no such thing. Typical bad reporting, exacerbated by bad slashdot editing.

It looks to me like his talk is really about countermeasures to mitigate the risk for these ancient SIMs, on the assumption that they can't be replaced immediately. That's worthy of research and a talk, though it's hardly front-page material.