MicroSIM card

Cracked encryption allows hackers to potentially clone your SIM, provided you're still using an outdated encryption protocol.

Over the weekend some news broke about an exploit that affects millions of phone users. Apparently, the encryption used has a flaw that allows a hacker to clone the encryption credentials of a SIM (Subscriber Identity Module) card, potentially allowing them to clone your SIM card and retrieve things like information about your plan and payments, or identify you on the network.

It sounds scary, and it is for the 500 million affected SIM cards in the wild. But like any good security scare worth its salt, there's a lot more to the story than we're hearing. Click through and we'll talk about it a bit.

Source: Security Research Labs

How it works

An attacker can send a command that looks a lot like the command your carrier sends to let your phone know there is an over-the-air update ready. This command is invalid, because the attacker doesn't have the correct encryption key. Your phone will then send back an error message that is signed with the correct encryption key. With that signed error message in hand, the attacker can use software to brute-force the key and end up with a copy of their own. Using this valid key, a new OTA message can be sent, which your phone will accept because the key is valid. This OTA can be an application that retrieves all your SIM card data, allowing the attacker to clone it.

With this cloned copy of your SIM, they can then authenticate themselves as you on the carrier network. Sounds frightening, right?

What we don't know

There is one big ugly problem with all of this. The encryption method that can be broken, DES-56, was originally cracked in 1998 by the EFF. By now, nobody should be using a known broken encryption method. Of the seven billion plus SIM cards in existence, approximately 500 million are affected.

500 million of anything is a lot, but compared to 7 billion (with a b) it's a small portion. The reports about this flaw all leave out the most vital information -- who, exactly, can be affected by this exploit?

The folks who re-discovered the DES-56 crack, led by Karsten Nohl, chief scientist at Security Research Labs in Berlin, are giving a big speech about the exploit at the Black Hat conference in Vegas at the end of July. Until then, we don't really have the details. We'll let you know more when someone decides to let us know.

In the meantime, put the tin foil away. We'll know all the details in about a week.


Reader comments

The 'new' SIM card exploit probably doesn't concern you


As my hacking professor said: "The only safe computer is one that is powered off, and even then, it's still not really safe."

CDMA isn't LTE

CDMA doesn't use SIM cards directly; any CDMA-only phone does not use SIM cards.

Verizon LTE uses SIM cards and, through a cobbled-together authentication system to connect the two largely incompatible systems, the LTE system uses the SIM card to tell the legacy CDMA system that the phone is authorized on the CDMA network. It needs middleware to even get the two systems to talk to each other because they are totally different standards.
LTE is based on GSM; that's why it uses SIM cards.

No idea. In fact, I'm a little pissed at these security researchers who would announce something like this and knowingly get people worked up, then not tell anyone if they are affected or not, or how to check.

All to promote their talk at Black Hat. It seems like they have lost their priorities a little bit.

I disagree with this. They have published enough information about the exploit for carriers to be able to come forward and say "our cards are not affected" (as a number of German carriers have already done). Push your carrier to find out how your SIM card is encrypted and whether or not their SIM cards do indeed respond to OTAs with an invalid signature, which is the condition for this to work in the first place. We don't even know what it takes to get that information if all you have is your phone, and neither do you if I understand you correctly. So no need to be pissed. :)

The difference is I'm not sending out press releases telling people that 500 million users' cell phones are able to be hacked but you have to wait for my speech in Las Vegas to find out more.

Fearmongering for the sake of publicity is dead wrong.

Jerry, as always, is the voice of reason. I'm more than a little disappointed at a security company trying to squeeze a few more dollars/yen/pounds/euros off of the back of healthy paranoia.

From what I read, it's not just that the SIM uses single DES keys, but also that the SIM software returns a cryptographic checksum of the encrypted error message. They said 90% of the SIMs they tested didn't return a checksum, which means there's nothing available to validate their brute force attack against. And even if the checksum is returned, the checksum isn't very revealing by itself. They'd have to accumulate thousands of encrypted data and checksum combinations, and then brute force try to decrypt each piece of data with one of 2^54 (18 quadrillion) different key values to find the one that works.

So it's not like 500 million SIMs have been compromised. It's that 500 million SIMs are apparently susceptible to this attack. So IF your SIM uses single DES keys, and IF it returns checksums on errors, and IF an attacker targets you specifically and decides it's worth dedicating the processing power to trying to crack your key, THEN you've got something to worry about. Let's just say, I'm not losing any sleep over it.

Side note: it's not that single DES is flawed. It's that technology now allows us to easily brute force attack it. The same will eventually be true for triple DES and even AES keys. For example, NIST recommends that triple DES only be used up until 2030.
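The following is an added example, not code from the article, from Security Research Labs or from any card vendor. It models the two card behaviours that the article's "How it works" section and the comment above describe: a card that answers a badly signed OTA command with a checksum (MAC) under its single-DES key hands over something a key guess can be checked against, while a card that returns no checksum does not. The DES CBC-MAC, the error text and the card key are constructed stand-ins; the search covers only the last 16 key bits so it finishes instantly, which is enough to show the principle without modelling any real OTA format.

```go
package main

import "crypto/des"

// Toy single-DES CBC-MAC standing in for the SIM's "cryptographic checksum"
// (real OTA message formats are not modelled). An 8-byte DES key has only
// 56 effective bits, which is the whole key-length problem discussed above.
func desCbcMac(key, msg []byte) []byte {
	block, err := des.NewCipher(key)
	if err != nil {
		panic(err)
	}
	padded := make([]byte, (len(msg)+7)/8*8) // zero-pad to the block size
	copy(padded, msg)
	mac := make([]byte, 8)
	for i := 0; i < len(padded); i += 8 {
		for j := range mac {
			mac[j] ^= padded[i+j]
		}
		block.Encrypt(mac, mac)
	}
	return mac
}

// A card answering an OTA command whose signature did not verify. A vulnerable
// card attaches a MAC under its own key to the error (the behaviour described
// above); a card that returns no MAC gives nothing to test key guesses against.
func simResponse(cardKey []byte, vulnerable bool) (errMsg, mac []byte) {
	errMsg = []byte("OTA command rejected: bad signature") // constructed text
	if vulnerable {
		mac = desCbcMac(cardKey, errMsg)
	}
	return errMsg, mac
}

// Guesses only the last 16 key bits (the first 6 bytes are given) and keeps the
// guess that reproduces the returned MAC. A full 56-bit search is 2^40 times
// this work; with no MAC there is nothing to compare against, so nothing is tried.
func searchLowBits(prefix []byte, errMsg, mac []byte) (found []byte, tried int) {
	k := append(append([]byte{}, prefix[:6]...), 0, 0) // copy: never alias the key
	for v := 0; v < 1<<16 && mac != nil; v++ {
		k[6], k[7] = byte(v>>8), byte(v)
		tried++
		if string(desCbcMac(k, errMsg)) == string(mac) {
			return k, tried
		}
	}
	return nil, tried
}
```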

I'm pretty sure the 500 million of the 7 billion ever made are really old cards and probably not in your S4 or HTC One.