Henry Dalziel | General Hacking Posts, Hacker Hotshots, Latest InfoSec News | July 27, 2013
Last week the world was made aware of a SIM card vulnerability, detected by Karsten Nohl, an InfoSec pro from Security Research Labs in Berlin, that could infect a staggering 500 million smartphones! There are an estimated seven billion SIM cards in the wild, so this hack doesn't affect all SIMs; rather, it affects only a particular type, and therefore only a percentage of smartphones in use worldwide.
The general idea is that the hack involves gaining access to the encryption key of the subscriber identity module (SIM) card that stores the user's personal data. Once attackers have that data (which includes the unique International Mobile Subscriber Identity and the associated encryption authentication key), they can clone that exact SIM card and basically pretend to be that phone. What is amazing, and what has clearly taken phone manufacturers by storm, is that the exploit is executed by simply sending a specially configured (and cloaked) SMS to the victim's phone! Sending an attack by SMS sounds insanely simple, especially since an incoming SMS is hardly ever questioned by the recipient's (victim's) phone.
Our understanding is that this could be scaled and that, in essence, a 'smartphone bot army' could be created and remotely commandeered in attacks that allow cyber criminals to access secure payments and more! One of the questions put to Brent Huston this Thursday during our Hacker Hotshot web show was whether he thought that mobile crime will (as predicted) become one of the major threats and cyber crimes of the future. The answer, unsurprisingly, was yes! This SIM card vulnerability simply adds weight to the fact that smartphones can, and will, be hacked for criminal gain.
Summary of the SIM hack in the hackers' own words:
“We broke a significant number of SIM cards, and pretty thoroughly at that”
“We can remotely infect the card, send SMS from it, redirect calls, exfiltrate call encryption keys, and even hack deeper into the card to steal payment credentials or completely clone the card. All remotely, just based on a phone number.”
In true white hat fashion, Nohl has not made any comment on the smartphone or SIM manufacturers and models that contain these SIM card vulnerabilities, but in true Black Hat (conference) style, he will be presenting at the conference in Vegas and will likely shed more light on his research. His presentation is titled simply "Rooting SIM Cards". We hope to have him on Hacker Hotshots soon, so stay tuned!
If this revelation of SIM card vulnerability escalates and the media breathe more air into the story, then consumers, already slightly shaken by the PRISM scandal, will begin to question whether their devices are safe.
As PC sales undeniably decline and we move into a world of mobile devices and BYOD in the office, the smartphone is a treasure trove of information for cyber criminals and, let's face it, corporate espionage. A stolen-for-hire phone would contain a huge amount of data on your competitor, and from our research there doesn't really seem to be a solid mass-consumer solution for encryption and security when a phone is lost or stolen.
Cell phones could really become the weakest link in an organization's attack profile, and CISOs and CTOs should be taking this issue very seriously, not least with this new revelation of SIM card cloning that could be achieved by simply sending an invisible SMS to a victim's phone!