
How I hacked SIM cards with a single text - and the networks DON'T CARE

US and Euro telcos won't act until crims do, white hat sniffs


Karsten Nohl, the security researcher who broke into SIM cards with a single text, has told The Register he is dismayed by the mobile industry's lukewarm response to his revelations - and has revealed, for the first time, exactly how he did it.

Nohl thought exposing the flaws in SIM security would force the telcos to fix them. Theoretically, the two flaws would have worked in tandem to intercept calls and threaten the security of wireless NFC applications - such as pay-by-wave and other contactless payments.

The German expert now claims that the more serious of the two flaws has been deliberately ignored by an industry that, he alleges, wants to keep the backdoor ajar so that it can silently roll out software updates to handsets... a gaping access route that may not be closed until it's too late.

Nohl discovered he could infiltrate SIM cards by sending specially formatted SMS messages, and found a flaw that would enable him to break out from the cards' inbuilt security sandbox. Yet he was astonished to discover that despite publicly announcing patches and giving every impression of caring, the industry had – according to Nohl – actually done nothing to fix the problems.

"We thought our story was one of white-hat hacking preventing criminal activities," Nohl told El Reg, lamenting that "as there is no crime, so no investigation". Despite CNN reporting that his own flaw had been used to distribute a fix, Nohl told us that the JavaCard bug was "here to stay" and was so "obvious" that it has to be "a backdoor, gross negligence, or both".

Safety by numbers

The first exploit, enabling an attacker to install an application in the secure storage area of a SIM card, has been examined in these pages before, but that only represents a threat if the injected software can break out of the JavaCard sandbox. Nohl claimed that was possible, but until now hasn't explained exactly how.

JavaCard is an operating system, sharing only a name and some syntax with the Java language. JavaCard licensees get a reference implementation from Oracle and then add their own secret source code to differentiate their products, so not all manufacturers' SIMs had this flaw – but many did.

Java, even the cut-down version used by JavaCard, is supposed to be "memory safe": there are no raw pointers with which code can read, or write to, arbitrary locations in memory, and every array access is meant to be bounds-checked. Cardlets (as JavaCard apps are known) can only reference objects they create themselves, and the card's applet firewall is supposed to keep one cardlet from touching another's data.

What Nohl discovered was that by going through a chain of references, a variable that referenced a variable that referenced an array, he could bypass the bounds check that JavaCard is supposed to perform on every array access. Create an array of ten elements, reach it through that indirection and address the eleventh location, and the memory beyond it, secured storage included, is yours to explore and rewrite as you wish. Exploiting this to malicious ends is left as an exercise for the reader.
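The pattern described above, a bounds check that holds on the direct path but is skipped once the array is reached through a chain of references, is easy to model. The toy below is an added example, not Nohl's code and not a real JavaCard runtime: card memory is a flat byte array, objects have simplified one-byte headers chosen for the illustration, and a ten-element array is laid out immediately in front of a constructed stand-in for key material that no cardlet holds a handle to. Reading index 10 through the flawed indirect path returns the first byte of that secret; the fixed path performs the check at the point of access and refuses.

```python
"""Toy model of a bounds check enforced on direct array loads but not on
loads that arrive through a reference-to-a-reference.

Added example: neither Karsten Nohl's code nor a real JavaCard runtime.
Object headers, handles and the secret are all constructed for the demo.
"""

SECRET = b"KIC-KEY!"  # constructed stand-in for key material in secured memory


class CardMemory:
    """Flat memory plus a handle table, roughly as a cardlet would see it."""

    def __init__(self):
        self.mem = bytearray()
        self.objects = {}  # handle -> (kind, offset into mem)

    def _alloc(self, kind, payload):
        handle = len(self.objects) + 1
        self.objects[handle] = (kind, len(self.mem))
        self.mem += payload
        return handle

    def new_array(self, values):
        # one-byte length header followed by the elements
        return self._alloc("array", bytes([len(values)]) + bytes(values))

    def new_ref(self, target_handle):
        # a reference object stores only the handle it points at
        return self._alloc("ref", bytes([target_handle]))

    def place_secret(self, data):
        # secured storage: appended to memory, never given a cardlet handle
        self.mem += data

    def resolve(self, handle):
        """Follow ref -> ref -> ... until an array handle is reached."""
        kind, off = self.objects[handle]
        while kind == "ref":
            handle = self.mem[off]
            kind, off = self.objects[handle]
        if kind != "array":
            raise TypeError("not an array")
        return handle

    def aaload(self, handle, index):
        """Direct array load: index checked against the length header."""
        kind, off = self.objects[handle]
        if kind != "array":
            raise TypeError("not an array")
        length = self.mem[off]
        if not 0 <= index < length:
            raise IndexError(f"index {index} out of bounds for length {length}")
        return self.mem[off + 1 + index]

    def load_indirect_flawed(self, handle, index):
        """The bug: once the reference chain is walked, the interpreter trusts
        the index and reads raw memory without consulting the length header."""
        _, off = self.objects[self.resolve(handle)]
        return self.mem[off + 1 + index]

    def load_indirect_fixed(self, handle, index):
        """The fix: resolve the chain, then go through the checked load, so
        the check happens where memory is touched, not where the handle came from."""
        return self.aaload(self.resolve(handle), index)


def build_card():
    """Ten-element array, then secured data right behind it, then a
    reference to a reference to the array (the indirection in the article)."""
    card = CardMemory()
    arr = card.new_array(range(10))
    card.place_secret(SECRET)
    ref_to_arr = card.new_ref(arr)
    ref_to_ref = card.new_ref(ref_to_arr)
    return card, ref_to_ref


def leak_secret(card, handle, count):
    """Read `count` bytes past the end of the array via the flawed path."""
    _, off = card.objects[card.resolve(handle)]
    length = card.mem[off]
    return bytes(card.load_indirect_flawed(handle, length + i) for i in range(count))


if __name__ == "__main__":
    card, ref = build_card()
    print("in-bounds, flawed path:", card.load_indirect_flawed(ref, 3))
    print("eleventh element, flawed path:", leak_secret(card, ref, len(SECRET)))
    try:
        card.load_indirect_fixed(ref, 10)
    except IndexError as exc:
        print("eleventh element, fixed path:", exc)
```

The lesson is the one any VM or interpreter author needs: a bounds check performed when a handle is acquired proves nothing about a later access made through an alias, so the check belongs at the memory access itself.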

Nohl says he warned Gemalto, the world's largest SIM card manufacturer – which is among those SIM-makers whose cards exhibit the flaw – about the existence of the bug. Gemalto, Nohl alleges, told him that it didn't matter – only signed applications could be run so their ability to breach the sandbox was irrelevant.

But the researcher points out that in 2010 Gemalto was able to upgrade bank cards in the field after a calendar bug broke millions of German cards. Bank cards are not designed to be upgraded after being issued, and Nohl contends that a similar flaw was exploited then.

The Register put both of Nohl's allegations to Gemalto, but it had not responded at the time of publication.

GSM standard

It's the combination of the SMS exploit (to recover the over-the-air update key) and the JavaCard flaw (to break out of the sandbox) that makes the situation worrying, along with Nohl's contention that network operators have become overly reliant on the GSM standard and are losing the skills necessary to secure their systems.

"Smaller networks don't even know what the SIM cards are configured to do," he told us. He claimed that in the US, network operator Sprint isn't authenticating or encrypting SIM updates at all, and that both Vodafone and Telefonica are still issuing SIM cards whose over-the-air keys use single DES, a cipher whose 56-bit key is short enough to be brute-forced.

We've asked Voda and Telefonica about Nohl's claims, but only had a response from Vodafone UK by the time of publication: the telco said that (in the UK at least) strong encryption has been mandated for "many, many, years".

This is still quite an obscure attack, requiring a hacker familiar with the memory layout (the soft mask) of the SIM, and one prepared to send the multiple SMS messages necessary to crack the software update key. For the moment the effort probably outweighs the payoff, but that will change as SIMs increasingly host banking and loyalty apps (as well as popular social networking services like Facebook Chat), making them a more attractive hacker target.
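The operator-side settings Nohl is complaining about (updates that carry no keyed integrity check, no ciphering, or only a single-DES key) are all visible in the clear-text security header of an over-the-air SMS command packet. The decoder below is an added example, not SRLabs or The Register code: the field layout and bit assignments follow the public GSM 03.48 / ETSI TS 102 225 specification, while the TAR value, the sample APDU payload and the three packets it builds are constructed for this example and are not captured traffic. It classifies each packet as an unprotected update, a single-DES update, or a 3DES update of the kind Vodafone UK says it has mandated.

```python
"""Decode the clear-text security header of an OTA SMS command packet
(GSM 03.48, now ETSI TS 102 225) and flag the weak configurations discussed
in the article: no keyed integrity, no ciphering, single-DES (56-bit) keys.

Added example, not SRLabs or The Register code.  Field layout and bit
assignments follow the public specification; the TAR, the sample payload
and the three packets below are constructed for this example.
"""
from __future__ import annotations

from dataclasses import dataclass

# GSM specs number bits b1..b8 with b1 the least significant bit.
INTEGRITY = {0: "none", 1: "RC (redundancy check, unkeyed)",
             2: "CC (cryptographic checksum)", 3: "DS (digital signature)"}
COUNTER = {0: "no counter", 1: "counter present, not checked",
           2: "counter must exceed stored value", 3: "counter must be stored + 1"}
POR = {0: "none", 1: "always", 2: "on error only", 3: "reserved"}
KEY_ALGO = {0: "implicit", 1: "DES", 2: "reserved", 3: "proprietary"}
# Mode 3 is DES-ECB for KIc and reserved for KID; both are treated as single DES.
DES_MODE = {0: "DES-CBC", 1: "3DES 2-key", 2: "3DES 3-key", 3: "DES-ECB"}
SINGLE_DES = ("DES-CBC", "DES-ECB")


@dataclass
class OtaHeader:
    integrity: str      # protection on the command (SPI byte 1, b1b2)
    ciphered: bool      # SPI byte 1, b3
    counter: str        # SPI byte 1, b4b5
    por: str            # proof of receipt policy (SPI byte 2, b1b2)
    por_integrity: str  # protection on the proof of receipt (SPI byte 2, b3b4)
    kic: str            # ciphering key: algorithm/mode
    kid: str            # integrity key: algorithm/mode
    kic_keyset: int
    kid_keyset: int
    tar: str            # toolkit application reference, hex


def _key_id(byte: int) -> tuple[str, int]:
    """KIc and KID share a layout: b1b2 algorithm, b3b4 mode, b5-b8 key set."""
    algo = KEY_ALGO[byte & 0x03]
    mode = (byte >> 2) & 0x03
    keyset = (byte >> 4) & 0x0F
    return (DES_MODE[mode] if algo == "DES" else algo), keyset


def parse_command_packet(pkt: bytes) -> OtaHeader:
    """Layout: CPL(2) CHL(1) SPI(2) KIc(1) KID(1) TAR(3) CNTR(5) PCNTR(1)
    RC/CC/DS(n) secured-data.  With ciphering on, everything from CNTR
    onwards is encrypted, so only the fields before it are decoded."""
    if len(pkt) < 10 or int.from_bytes(pkt[:2], "big") != len(pkt) - 2:
        raise ValueError("CPL does not match packet length")
    chl = pkt[2]
    if chl < 13 or 3 + chl > len(pkt):
        raise ValueError("command header length out of range")
    spi1, spi2 = pkt[3], pkt[4]
    kic, kic_ks = _key_id(pkt[5])
    kid, kid_ks = _key_id(pkt[6])
    return OtaHeader(
        integrity=INTEGRITY[spi1 & 0x03],
        ciphered=bool(spi1 & 0x04),
        counter=COUNTER[(spi1 >> 3) & 0x03],
        por=POR[spi2 & 0x03],
        por_integrity=INTEGRITY[(spi2 >> 2) & 0x03],
        kic=kic, kid=kid, kic_keyset=kic_ks, kid_keyset=kid_ks,
        tar=pkt[7:10].hex().upper(),
    )


def weaknesses(h: OtaHeader) -> list[str]:
    """Reasons an update protected like this should not be trusted."""
    out = []
    if not h.integrity.startswith(("CC", "DS")):
        out.append("no keyed integrity: anyone who can send an SMS can push a command")
    elif h.kid in SINGLE_DES:
        out.append("integrity key is single DES (56-bit): brute-forceable")
    if not h.ciphered:
        out.append("payload not ciphered: update contents travel in clear")
    elif h.kic in SINGLE_DES:
        out.append("ciphering key is single DES (56-bit): brute-forceable")
    if h.counter in (COUNTER[0], COUNTER[1]):
        out.append("no replay protection: counter absent or unchecked")
    return out


def build_packet(spi1, spi2, kic, kid, tar, cntr, pcntr, mac, data) -> bytes:
    """Assemble a command packet; CHL and CPL are derived from the contents."""
    header = bytes([spi1, spi2, kic, kid]) + tar + cntr + bytes([pcntr]) + mac
    body = bytes([len(header)]) + header + data
    return len(body).to_bytes(2, "big") + body


TAR = bytes.fromhex("B00010")               # constructed target application reference
DATA = bytes.fromhex("A0A40000023F00")      # constructed payload: a SELECT APDU
PLACEHOLDER_MAC = b"\xAA" * 8               # stands in for a real CC (8 bytes for DES)
SAMPLES = {
    # SPI 00 00: no integrity, no ciphering, no counter, no proof of receipt
    "unprotected": build_packet(0x00, 0x00, 0x00, 0x00, TAR, bytes(5), 0, b"", DATA),
    # SPI 1E 0A: CC + ciphering + counter=stored+1, PoR on error with CC;
    # KIc/KID 11: DES-CBC, key set 1 (the 56-bit case)
    "single_des": build_packet(0x1E, 0x0A, 0x11, 0x11, TAR, bytes(5), 0, PLACEHOLDER_MAC, DATA),
    # same SPI; KIc/KID 15: 3DES two-key, key set 1
    "triple_des": build_packet(0x1E, 0x0A, 0x15, 0x15, TAR, bytes(5), 0, PLACEHOLDER_MAC, DATA),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        hdr = parse_command_packet(pkt)
        print(f"{name}: integrity={hdr.integrity}, ciphered={hdr.ciphered}, "
              f"KIc={hdr.kic}, KID={hdr.kid}, PoR={hdr.por}")
        for w in weaknesses(hdr) or ["no weakness flagged"]:
            print("  -", w)
```

Note that the ciphered samples carry zeroed counters and a placeholder checksum, since the point here is the header policy, not producing a valid cryptogram; a real packet would have those fields encrypted under KIc. A network that wants to know what its SIM fleet actually accepts can run the same decode over the OTA profiles its SIM vendor delivered, which is exactly the visibility Nohl says smaller operators lack.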

As Nohl put it: "Skills are underdeveloped because the crimes are underdeveloped ... crime is even more convincing than anything."

Until there's a serious crime using this insecurity, the vulnerabilities in our SIM cards will probably remain. ®

