Feeds

How I hacked SIM cards with a single text - and the networks DON'T CARE

US and Euro telcos won't act until crims do, white hat sniffs

SANS - Survey on application security programs

Karsten Nohl, the security researcher who broke into SIM cards with a single text, has told The Register he is dismayed by the mobile industry's lukewarm response to his revelations - and has revealed, for the first time, exactly how he did it.

Nohl thought exposing the flaws in SIM security would force the telcos to fix them. Theoretically, the two flaws would have worked in tandem to intercept calls and threaten the security of wireless NFC applications - such as pay-by-wave and other contactless payments.

The German expert now claims that the most serious of the two flaws has been deliberately ignored by an industry that wants to, allegedly, keep the backdoor ajar so that it can silently roll out software updates to handsets... a gaping access route that may not be closed until it's too late.

Nohl discovered he could infiltrate SIM cards by sending specially formatted SMS messages, and found a flaw that would enable him to break out from the cards' inbuilt security sandbox. Yet he was astonished to discover that despite publicly announcing patches and giving every impression of caring, the industry had – according to Nohl – actually done nothing to fix the problems.

"We thought our story was one of white-hat hacking preventing criminal activities," Nohl told El Reg, lamenting that "as there is no crime, so no investigation". Despite CNN reporting that his own flaw had been used to distribute a fix, Nohl told us that the JavaCard bug was "here to stay" and was so "obvious" that it has to be "a backdoor, gross negligence, or both".

Safety by numbers

The first exploit, enabling an attacker to install an application in the secure storage area of a SIM card, has been examined in these pages before, but that only represents a threat if the injected software can break out of the JavaCard sandbox. Nohl claimed that was possible, but until now hasn't explained exactly how.

JavaCard is an operating system, sharing only a name and some syntax with the Java language. JavaCard licensees get a reference implementation from Oracle and then add their own secret source code to differentiate their products, so not all manufacturers' SIMs had this flaw – but many did.

Java, even the version used by JavaCard, is supposed to be "memory safe" in that there are no pointers with which one can read, or write to, arbitrary locations in memory. Cardlets (as JavaCard apps are known) can only reference data structures they create themselves, and there's no mechanism for inter-cardlet communications.

What Nohl discovered was that by referencing a variable which referenced a variable which referenced an array he could bypass the bounds check that JavaCard is supposed to perform. Create an array of 10 elements, reference it from a distance and address the eleventh location, and secured memory is yours to explore – and rewrite – as you wish. Exploiting this to malicious ends is left as an exercise for the reader.

Nohl says he warned Gemalto, the world's largest SIM card manufacturer – which is among those SIM-makers whose cards exhibit the flaw – about the existence of the bug. Gemalto, Nohl alleges, told him that it didn't matter – only signed applications could be run so their ability to breach the sandbox was irrelevant.

But the researcher points out that in 2010 Gemalto was able to upgrade bank cards in the field after a calendar bug broke millions of German cards. Bank cards are not designed to be upgraded after being issued, and Nohl contends that a similar flaw was exploited then.

The Register put both of Nohl's allegations to Gemalto, but it had not responded at the time of publication.

GSM standard

It's the combination of SMS exploit (to gain the application key) and JavaCard flaw (to break out of the sandbox) that makes the situation worrying, along with Nohl's contention that network operators have become overly reliant on the GSM standard and are losing the skills necessary to secure their systems.

"Smaller networks don't even know what the SIM cards are configured to do," he told us. He claimed that in the US, network operator Sprint isn't authenticating or encrypting SIM updates at all, and that both Vodafone and Telefonica are still issuing SIM cards with the insufficiently secure 56DES cryptography.

We've asked Voda and Telefonica about Nohl's claims, but only had a response from Vodafone UK by the time of publication: the telco said that (in the UK at least) strong encryption has been mandated for "many, many, years".

This is still quite an obscure attack, requiring a hacker familiar with the memory layout (the soft mask) of the SIM, and one prepared to send the multiple SMS messages necessary to crack the software update key. For the moment the effort probably outweighs the payoff, but that will change as SIMs increasingly host banking and loyalty apps (as well as popular social networking services like Facebook Chat), making them a more attractive hacker target.

As Nohl put it: "Skills are underdeveloped because the crimes are underdeveloped ... crime is even more convincing than anything."

Until there's a serious crime using this insecurity, the vulnerabilities in our SIM cards will probably remain. ®

Combat fraud and increase customer satisfaction

More from The Register

next story
Parent gabfest Mumsnet hit by SSL bug: My heart bleeds, grins hacker
Natter-board tells middle-class Britain to purée its passwords
Samsung Galaxy S5 fingerprint scanner hacked in just 4 DAYS
Sammy's newbie cooked slower than iPhone, also costs more to build
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Web data BLEEDOUT: Users to feel the pain as Heartbleed bug revealed
Vendors and ISPs have work to do updating firmware - if it's possible to fix this
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
NSA denies it knew about and USED Heartbleed encryption flaw for TWO YEARS
Agency forgets it exists to protect communications, not just spy on them
prev story

Whitepapers

Designing a defence for mobile apps
In this whitepaper learn the various considerations for defending mobile applications; from the mobile application architecture itself to the myriad testing technologies needed to properly assess mobile applications risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.