Rooting SIM Cards

SmartAboutThings writes "Smartphones are susceptible to malware and carriers have enabled NSA snooping, but the prevailing wisdom has it there's still one part of your mobile phone that remains safe and un-hackable: your SIM card. Yet after three years of research, German cryptographer Karsten Nohl claims to have finally found encryption and software flaws that could affect millions of SIM cards, and open up another route on mobile phones for surveillance and fraud."

The second link is the important one

Yes, there actually is a JavaVM autonomously running inside the SIM card. Yes, the provider can install programs on the SIM card that interface with the phone through a standardized API. Yes, this hack enables the attacker to do the same. Yes, the JavaVMs are not secure and breaking out of the sandbox enables the attacker to read the master key which identifies the SIM. Yes, that means the attacker can run a software simulation of a SIM card with your secret SIM key and impersonate you vis-a-vis the network. Yes, all that is possible because some providers still deploy SIM cards that accept binary SMS which are signed with DES. Not 3DES, not AES, which are both in the standard as well, but 56 bit DE fucking S.

Re:The second link is the important one

[TuringCheck]

Pretty much none of the major providers issue ancient SIMs with DES OTA signing. For the old cards never replaced they may just deactivate them in HLR and wait for subscribers to complain to support.
On the other hand cheap Chinese SIMs are still issued in some countries. The only relief is that some of them don't support OTA at all...

Millions?

[wisnoskij]

So a very small percentage of all SIM cards then.