SIM Card Flaw Opens Millions of Phones to Attack
A SIM card is a necessity for most cell phones.
CREDIT: Public Domain
Even though it's one of the simplest components in a cellphone, older SIM cards are still vulnerable to attack, leaving approximately 750 million users one exploit away from being compromised, according to German security researcher Karsten Nohl.
A subscriber identity module (SIM) card is a vital component in cellphones, which assigns each user a unique identity in order to route calls properly. Most SIM cards can also keep track of a user's entire contact list and payment information.
Nohl discussed the issue on his blog in preparation for a more comprehensive exploration of the topic at the Black Hat hackers' conference Aug. 1 in Las Vegas.
"The cards are [hackable] through custom Java software," he wrote. "While this extensibility is rarely used so far, its existence already poses a critical hacking risk."
Hacking a SIM card is a two-step process that relies on a flaw in the card's internal architecture. Older SIM cards employ cryptography right out of the 1970s. By cracking a SIM card's ID, a hacker can impersonate an admin and access all of its functions.
To begin the procedure, a hacker sends a binary message to the SIM card, which resembles a standard over-the-air update. The card usually doesn't fall for the phony update, but can return an error code with a unique signature (Nohl pointed out that not every SIM card will provide this compromising data). A hacker can transfer this code to a computer and decode a direct route into a SIM card.
After acquiring a SIM's signature, a hacker can distribute Java-based malware to gain control over a SIM card's functions. On most cards, this can redirect phone numbers and discover a phone's location. More sophisticated apps and less secure cards also allow hackers to access contact lists and payment information. [See also: The Top 10 Threats to Your Smartphone]
The good news is that users who have newer phones (especially smartphones) or older phones on Verizon Wireless or Sprint don't need to worry about this vulnerability. New SIM cards have stronger encryption, while Verizon Wireless and Sprint did not use traditional SIM cards until recently.
Even so, not everyone has a new phone, and Nohl estimates that 750 million active phones may still be vulnerable. Each SIM card has a unique code, so launching a mass attack could prove difficult, but there would be plenty of victims to choose from.
Nohl urges phone companies to adopt better SIM cards, implement firewalls and allow users to disallow over-the-air messages from unknown sources. Users have only one recourse: buy a newer phone.