Who Would Have Thought That A SIM Card Could Also Be Hacked
The SIM card is an essential part of modern mobile communication systems and it also stores some essential user information whichmay be basic but is not unimportant. If recent news is to be believed than here’s what it has to say about the SIM card – the security of the SIM has been breached after 20 long years of its existence. According to details, a large number of SIMs are susceptible to the newly discovered hack which allows the hacker to infect a random SIM with viruses that sends premium text messages to the target device and can also record conversations taking place over the phone. In addition, this hack is also capable of gaining access to sandboxed details stored on a SIM by mobile payment apps. This allows the attacker to get hold of essential financial information, including bank and credit card details in a similar fashion in which a mobile phone spy software collects information, details of which could be found on www.stealthmate.com. Karsten Nohl, a German security researcher, recently found a way to acquire the cryptographic key that opens the door to a SIM card and he also demonstrated the method well enough to get people worried about the security of their mobile devices.
Nohl unlocked the cryptographic key to the SIM when he sent his own OTA SMS that were not signed with the correct key. He noticed that some phones showed an error message that also revealed the cryptographic signature. After the first phase, Nohl unlocked the SIM card’s cryptographic key in approximately one minute by using rainbow tables that include a list of plaintext keys/passwords and their encrypted forms. After gaining access to the key, the German security researcher was able to forward apps and viruses to the SIM card, thus enabling him to send premium text messages, record calls, re-route calls, and even zero in on the exact location of the mobile device. This little experiment makes it very clear that a person who has access to a SIM card could do just about everything with your device.
The Many Secrets Of A SIM Card
For the longest time a vast majority of people have considered SIM cards to be small memory storage blocks which are used by mobile phones to connect to a cellular network, while also providing a small space for storing important contact numbers. But the SIM card holds many more secrets than an average phone user might not be able to identify. It doesn’t matter what you considered a SIM card to be in the past, the fact is that this card is actually a mini computer that has its own processor, memory, and an active operating system.
Autopsy Of A SIM Card
Beneath the plastic of a SIM card is installed a chip which supports a processor, ROM (firmware which stored the OS and SIM apps), EEPROM (which stores phone settings, phone book etc.), and RAM. This chip is not an ordinary chip and has been designed with intricate detail.
How To Hack Into A SIM Card
Up till this point we have established that the SIM card is actually a small computer and can therefore be hacked since it has its own operating system that can be attacked from the outside. Latest designs of SIM cards run on a less complex operating system that loads up a Java Card, which is one of the many manifestations of the Java virtual machine for smart cards that also includes SIM cards. The Java Card runs small Java applets and each individual applet is encapsulated and protected by a firewall by the Java virtual machine. This process prevents any personal user information from leaking to other apps. A mobile device regularly communicates with these apps via SIM Application Toolkit (STK) to show information on the mobile screen and also to send information to other devices. New apps are uploaded and existing ones are constantly updated onto the SIM through hidden text messages that are sent by the carrier which contains over-the-air (OTA) programming in binary form. For the SIM to identify the source of the message and accept the incoming information, these messages are signed with a cryptographic key so that the SIM card would know that the information is important and secure.
In addition, Nohl found another bug in the Java Card that can provide a virus or an app complete access to a SIM card by breaking down the firewall enabled by the Java virtual machine. Once the virus bypasses all security gates on the SIM card, it can extract any data saved to the SIM card memory. This includes gaining access to your address book or financial details that have been stored by mobile payment apps.
The Story So Far…
Nohl said that his method allowed him to gain access to SIM cards on some phones because the Triple DES encryption found on new versions of the SIM card could not be easily bypassed. For the general public the best way to handle this issue is to obtain new versions of SIM cards that have been upgraded to Triple DES encryption to secure their mobile phones.
For the time being, security experts believe that the Java Card is susceptible to outside attacks and overcoming these weaknesses would take quite some time. With Kohl’s discovery the field has been thrown wide open for other security researchers and hackers to look for other loopholes in the SIM card. There is no doubt that these vulnerabilities would be thoroughly exploited in the coming days until a powerful encryption is developed for the SIM cards to keep user information safe and outside the reach of unauthorized people.