Slashdot Mirror


Rooting SIM Cards

SmartAboutThings writes "Smartphones are susceptible to malware and carriers have enabled NSA snooping, but the prevailing wisdom has it there's still one part of your mobile phone that remains safe and un-hackable: your SIM card. Yet after three years of research, German cryptographer Karsten Nohl claims to have finally found encryption and software flaws that could affect millions of SIM cards, and open up another route on mobile phones for surveillance and fraud."

6 of 73 comments

  1. Re:Rooting? by mynamestolen · · Score: 4, Funny

    either way, you're rooted

    --
    work in progress
  2. The second link is the important one by Anonymous Coward · · Score: 5, Interesting

    Yes, there actually is a JavaVM autonomously running inside the SIM card. Yes, the provider can install programs on the SIM card that interface with the phone through a standardized API. Yes, this hack enables the attacker to do the same. Yes, the JavaVMs are not secure and breaking out of the sandbox enables the attacker to read the master key which identifies the SIM. Yes, that means the attacker can run a software simulation of a SIM card with your secret SIM key and impersonate you vis-a-vis the network. Yes, all that is possible because some providers still deploy SIM cards that accept binary SMS which are signed with DES. Not 3DES, not AES, which are both in the standard as well, but 56 bit DE fucking S.

    1. Re:The second link is the important one by TuringCheck · · Score: 5, Interesting

      Pretty much none of the major providers issue ancient SIMs with DES OTA signing. For the old cards never replaced they may just deactivate them in HLR and wait for subscribers to complain to support.
      On the other hand cheap Chinese SIMs are still issued in some countries. The only relief is that some of them don't support OTA at all...
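An added example, not from this thread or from Nohl's research: a decoder for the security header of the binary SMS command packets the two comments above describe, flagging packets whose integrity check is only single DES. The field layout and the SPI/KID bit coding are my reading of ETSI TS 102 225 (formerly GSM 03.48), which the thread does not name; the `build_packet` helper and the sample packets are constructed here.

```python
# Added example: parse the header of an OTA command packet (TS 102 225 / GSM 03.48)
# and report which integrity algorithm the KID byte selects. Constants below are my
# reading of the spec; sample packets are constructed, not captured from a network.
import struct

KID_ALGO = {0b00: "implicit", 0b01: "DES", 0b10: "AES", 0b11: "proprietary"}
DES_MODE = {0b00: "single DES CBC", 0b01: "3DES two-key",
            0b10: "3DES three-key", 0b11: "reserved"}
SPI_CHECK = {0b00: "none", 0b01: "RC", 0b10: "CC", 0b11: "DS"}

def decode_kid(kid: int) -> dict:
    """KID byte: b2b1 algorithm family, b4b3 DES variant, b8..b5 keyset index."""
    algo = KID_ALGO[kid & 0b11]
    mode = DES_MODE[(kid >> 2) & 0b11] if algo == "DES" else None
    return {"algo": algo, "mode": mode, "keyset": kid >> 4}

def parse_ota_command(packet: bytes) -> dict:
    """Split CPL, CHL, SPI, KIc, KID, TAR, CNTR, PCNTR and the RC/CC/DS field."""
    if len(packet) < 16:
        raise ValueError("packet shorter than the fixed header")
    cpl, chl = struct.unpack(">HB", packet[:3])
    if cpl != len(packet) - 2:           # CPL counts everything after itself
        raise ValueError(f"CPL {cpl} does not match packet length {len(packet) - 2}")
    spi1, _spi2, _kic, kid = packet[3:7]
    tar = packet[7:10].hex()
    cntr = int.from_bytes(packet[10:15], "big")
    pcntr = packet[15]
    cc_len = chl - 13                     # CHL covers SPI..PCNTR (13 bytes) plus RC/CC/DS
    check = packet[16:16 + cc_len]
    k = decode_kid(kid)
    return {
        "integrity": SPI_CHECK[spi1 & 0b11],
        "ciphered": bool(spi1 & 0b100),
        "kid": k, "tar": tar, "counter": cntr, "padding": pcntr,
        "check": check.hex(),
        # the case the thread complains about: a 56-bit DES cryptographic checksum
        "weak_signature": k["algo"] == "DES" and k["mode"] == "single DES CBC",
    }

def build_packet(kid: int, data: bytes, cc: bytes = b"\xaa" * 8) -> bytes:
    """Constructed sample: CC requested, no ciphering, TAR 000000, counter 5."""
    header = bytes([0x02, 0x00, 0x00, kid]) + b"\x00\x00\x00" + (5).to_bytes(5, "big") + b"\x00" + cc
    body = bytes([len(header)]) + header + data
    return len(body).to_bytes(2, "big") + body

if __name__ == "__main__":
    for kid in (0x11, 0x15):              # keyset 1: single DES vs. two-key 3DES
        r = parse_ota_command(build_packet(kid, b"\xa0\xa4\x00\x00\x02\x3f\x00"))
        print(hex(kid), r["kid"], "WEAK" if r["weak_signature"] else "ok")
```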

  3. Re:I'll tell you what helps too by johanw · · Score: 4, Insightful

    Who cares? The providers have the encryption keys anyway, whether they are single DES or AES. So the government can get access too if they want them and do all kinds of nasty tricks. Who else will use it? Some hacker who wants to call expensive paylines using your SIM card doesn't buy $100,000 worth of equipment to pull it off only to gain $1000.

  4. Meanwhile at NSA HQ by EEPROMS · · Score: 4, Funny

    Damn we have been busted.

  5. 3 years of research? by swillden · · Score: 4, Insightful

    I clicked the link expecting to find something interesting and novel, perhaps something on par with Kocher's Differential Power Analysis attack, or better. But this guy spent three years to discover that there are a small number of ancient SIMs, not yet removed from service, which use 1DES for securing applet loading? Actually, I'm sure he did no such thing. Typical bad reporting, exacerbated by bad slashdot editing.

    It looks to me like his talk is really about countermeasures to mitigate the risk for these ancient SIMs, on the assumption that they can't be replaced immediately. That's worthy of research and a talk, though it's hardly front-page material.

    --
    Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.