Your SIM Cards may be Hijacked!
No one knows how many mobile phones are currently in use with old-school DES-encrypted SIM cards inside, but the number could reach into the hundreds of millions, and it appears all of those phones could easily be hijacked. Hackers could access not only personal identification data, but also payment information stored on the cards. Most of the vulnerable devices are probably outside the U.S. About 25 percent of mobile phones currently in use may be vulnerable because they rely on 1970s-era Data Encryption Standard security.
Out of 1,000 SIM cards, 250 used DES instead of more advanced approaches such as triple DES or the Advanced Encryption Standard.
About 7 billion SIM cards are used worldwide, Survey Research estimated, so as many as 1.75 billion of them could conceivably be employing DES security, putting owners of phones with those SIM cards at risk.
Users in the United States should be safe because “most SIMs that use DES are 10 years or more old.”
Security Research’s Findings
- DES keys can be cracked within days using field-programmable gate array clusters, or even faster using rainbow tables.
- Over-the-air (OTA) updates, which are used by mobile OS developers and mobile app vendors, might be the entry point for hackers.
- Hackers get a DES OTA key by sending a binary SMS message to a target device. Although the SIM card does not execute the improperly signed OTA command, it will often respond by sending back an SMS containing an error code with a cryptographic signature. This can be cracked in two minutes using a rainbow table.
- The attacker could send a properly signed binary SMS to the device that would download Java applets onto the SIM. SIMs have predefined functions that include letting applets send SMS, change voicemail numbers and query the phone location.
- Java applet access is supposed to be restricted to surfaces predefined by Java sandboxes, but Security Research found that the sandbox implementations of at least two major SIM card vendors were not secure and let a Java applet access the rest of the card. This could let hackers clone millions of SIM cards, including mobile identities and payment credentials stored on the cards.
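The findings above depend on which algorithm an OTA message's keys select and on whether a signed response is requested. As an added example (not from the original article or from Security Research), this Python code audits the security header of OTA command packets the way an operator-side gateway or OTA platform review might, flagging single DES. The field order and bit coding are recalled from ETSI TS 102 225 and are an assumption to check against the specification; the sample packets are constructed.

```python
# Added example (not from the original article). Field order and bit coding are
# as recalled from ETSI TS 102 225 and are an assumption to verify against it.
SINGLE_DES = {"DES-CBC", "DES-ECB"}

def key_algorithm(octet: int, is_kid: bool = False) -> str:
    """Decode the low four bits of a KIc (cipher) or KID (signature) octet."""
    family, mode = octet & 0b11, (octet >> 2) & 0b11
    if family != 0b01:
        return {0b00: "IMPLICIT", 0b10: "AES", 0b11: "PROPRIETARY"}[family]
    des_modes = ["DES-CBC", "3DES-2KEY", "3DES-3KEY",
                 "RESERVED" if is_kid else "DES-ECB"]
    return des_modes[mode]

def audit_command_header(packet: bytes) -> dict:
    """Audit a packet laid out as CPL(2) CHL(1) SPI(2) KIc(1) KID(1) TAR(3) ..."""
    if len(packet) < 10:
        raise ValueError("truncated command header")
    spi1, spi2, kic, kid = packet[3:7]
    cipher, signature = key_algorithm(kic), key_algorithm(kid, is_kid=True)
    ciphered = bool(spi1 & 0b100)            # SPI1 b3: payload is encrypted
    signed = (spi1 & 0b11) in (0b10, 0b11)   # SPI1 b2b1: checksum or signature
    por_requested = (spi2 & 0b11) != 0       # SPI2 b2b1: a response is wanted
    por_signed = ((spi2 >> 2) & 0b11) in (0b10, 0b11)  # SPI2 b4b3: signed response
    findings = []
    if ciphered and cipher in SINGLE_DES:
        findings.append("payload encrypted with single DES")
    if signed and signature in SINGLE_DES:
        findings.append("command signed with single DES")
    if por_requested and por_signed and signature in SINGLE_DES:
        findings.append("signed response requested under a single-DES key")
    return {"tar": packet[7:10].hex(), "cipher": cipher,
            "signature": signature, "findings": findings}

# Constructed packets, not captured traffic: placeholder TAR, zeroed counter,
# padding counter and checksum.
TAIL = "aabbcc" + "00" * 14
SAMPLES = {
    "legacy": bytes.fromhex("001615" "0609" "1111" + TAIL),  # single DES keys
    "3des": bytes.fromhex("001615" "0609" "1515" + TAIL),    # two-key triple DES
    "aes": bytes.fromhex("001615" "0609" "1212" + TAIL),     # AES keys
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(name, audit_command_header(pkt))
```
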