Your SIM Cards may be Hijacked!

No one knows how many mobile phones are currently in use with old-school DES-encrypted SIM cards inside, but the number could reach into the hundreds of millions, and it appears all of those phones could easily be hijacked. Hackers could access not only personal identification data, but also payment information stored on the cards. Most of the vulnerable devices are probably outside the U.S. About 25 percent of mobile phones currently in use may be vulnerable because they rely on 1970s-era Data Encryption Standard security.

Out of 1,000 SIM cards, 250 used DES instead of more advanced approaches such as triple DES or the Advanced Encryption Standard.

About 7 billion SIM cards are used worldwide, Survey Research estimated, so as many as 1.75 billion of them could conceivably be employing DES security, putting owners of phones with those SIM cards at risk.

Users in the United States should be safe because “most SIMs that use DES are 10 years or more old.”

Security Research’s Findings

  • DES keys can be cracked within days using field-programmable gate array (FPGA) clusters, or even faster using rainbow tables.
  • Over-the-air (OTA) updates, which are used by mobile OS developers and mobile app vendors, might be the entry point for hackers.
  • Hackers get a DES OTA key by sending a binary SMS message to a target device. Although the SIM card does not execute the improperly signed OTA command, it will often respond by sending back an SMS containing an error code with a cryptographic signature. This can be cracked in two minutes using a rainbow table.
  • The attacker could send a properly signed binary SMS to the device that would download Java applets onto the SIM. SIMs have predefined functions that include letting applets send SMS, change voicemail numbers and query the phone location.
  • Java applet access is supposed to be restricted to surfaces predefined by Java sandboxes, but Security Research found that the sandbox implementations of at least two major SIM card vendors were not secure and let a Java applet access the rest of the card. This could let hackers clone millions of SIM cards, including mobile identities and payment credentials stored on the cards.
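
The weakness in the findings above comes down to which key algorithm an OTA message names and whether the card is asked for a signed reply. The following is an added example, not code from the original post or from Security Research: a small decoder an operator could use to audit OTA profiles or filter binary SMS. It assumes the command-packet layout and bit coding of ETSI TS 102 225 (GSM 03.48); the function names and both sample headers are constructed for illustration.

```python
# Added example (not from the original post): decode the security header of a
# SIM OTA command packet, laid out per ETSI TS 102 225 / GSM 03.48, and flag
# single-DES keys so an operator can audit OTA profiles or filter SMS.
INTEGRITY = {0: "none", 1: "redundancy check",
             2: "cryptographic checksum", 3: "digital signature"}
DES_MODE = {0: "single DES (CBC)", 1: "3DES, two keys",
            2: "3DES, three keys", 3: "single DES (ECB) or reserved"}

def key_algorithm(key_byte: int) -> str:
    """Decode bits b4..b1 of a KIc (ciphering) or KID (signing) byte."""
    if key_byte & 0x03 != 0x01:        # b2b1 = 01 means DES family
        return "implicit or non-DES"
    return DES_MODE[(key_byte >> 2) & 0x03]

def classify(packet: bytes) -> dict:
    """packet = CPL(2) CHL(1) SPI(2) KIc(1) KID(1) TAR(3) CNTR(5) PCNTR(1) ..."""
    if len(packet) < 16:
        raise ValueError("truncated command header")
    cpl, chl = int.from_bytes(packet[0:2], "big"), packet[2]
    if cpl != len(packet) - 2 or not 13 <= chl <= cpl - 1:
        raise ValueError("inconsistent CPL/CHL length fields")
    spi1, spi2, kic, kid = packet[3:7]
    info = {
        "integrity": INTEGRITY[spi1 & 0x03],
        "ciphered": bool(spi1 & 0x04),
        "reply_requested": (spi2 & 0x03) in (1, 2),
        "reply_integrity": INTEGRITY[(spi2 >> 2) & 0x03],
        "kic": key_algorithm(kic),
        "kid": key_algorithm(kid),
        "tar": packet[7:10].hex(),
    }
    weak_sign = info["integrity"] == INTEGRITY[2] and info["kid"].startswith("single DES")
    weak_cipher = info["ciphered"] and info["kic"].startswith("single DES")
    info["weak_des"] = weak_sign or weak_cipher
    # The case the post describes: the card's reply carries a DES signature.
    info["signed_reply_risk"] = (info["kid"].startswith("single DES")
                                 and info["reply_requested"]
                                 and info["reply_integrity"] == INTEGRITY[2])
    return info

# Constructed sample headers (zeroed counter and checksum, no payload).
TAIL = bytes(3 + 5 + 1 + 8)            # TAR, CNTR, PCNTR, 8-byte checksum field
LEGACY = bytes.fromhex("0016150209" "0011") + TAIL   # KID 0x11: single DES
UPDATED = bytes.fromhex("0016150209" "0015") + TAIL  # KID 0x15: 3DES, two keys

if __name__ == "__main__":
    for name, pkt in (("legacy", LEGACY), ("updated", UPDATED)):
        print(name, classify(pkt))
```

A header flagged `weak_des` identifies a profile to migrate to triple DES or AES keys, the more advanced approaches the article names.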

About Shiv Kumar Das

I am an Agriculture graduate at the Institute of Agriculture and Animal Science (IAAS), Rampur, Chitwan, Nepal.

Posted on September 3, 2013, in Info. 8 Comments.

  1. 18 inch dishwasher

    I’m extremely impressed with your writing skills and also
    with the layout on your blog. Is this a paid subject or did
    you modify it yourself? Either way keep up the excellent quality writing, it is uncommon to peer a great weblog like this
    one today..

  2. I read this article completely on the topic of the resemblance
    of most up-to-date and preceding technologies,
    it’s remarkable article.

  3. I think this is one of the most vital info for me.

    And I’m happy reading your article. However should observation on some basic
    issues, The site taste is wonderful, the articles is really great : D.

    Just right task, cheers

  4. Great blog here! Also your web site loads up very fast!
    What web host are you using? Can I get your affiliate link to your host?
    I wish my website loaded up as fast as yours lol
