Carriers rush to fix SIM card vulnerability — by hacking into them

How do you fix a major security flaw that could lead to attackers hacking into hundreds of millions of SIM cards? By getting the carriers to hack into them first.

Image: CNET Asia

A bug that could have allowed hackers to exploit a vulnerability in millions of SIM cards, commonly used in mobile phones and other cellular equipment, has been fixed, according to the security researcher who first discovered the flaw.

Germany-based Karsten Nohl of Security Research Labs discovered the flaw after three years of investigative research into SIM card technologies, which are most often used to authenticate and connect GSM phones to cellular networks.


He discovered a vulnerability in which a Java flaw could be exploited by sending a specially crafted, cryptographically secured over-the-air (OTA) text message. SIM cards can contain phone numbers, contact information, and other personally identifiable information about the phone's owner.

SIM cards are considered one of the safest technologies around, with almost no publicly known exploits.

Given the size and scale of the potential problem, carriers faced a choice: replace hundreds of millions of SIM cards, which could have cost in the high tens of millions of dollars if not more, or somehow fix the flaw on SIM cards already deployed in devices.

He was scheduled to show off his findings at the Black Hat security conference on Tuesday (ZDNet's Violet Blue is on the scene and has more on the event), but instead he disclosed that carriers and cellular networks had in fact promptly fixed the bug.

According to CNN, Nohl confirmed that the carriers hacked into their own SIM cards using the same vulnerability, fixing the flaw from the inside out.

"They're adopting hacking methods to make it more secure," he told attendees at the conference, the news site reported.

Attackers could have run up charges, redirected costs to premium dialers, tracked devices, and potentially accessed credit card information if it was stored on the device.

Though it's not the first time a white hat solution has been employed, it's becoming increasingly common to employ "good" hackers to — with prior authorization — access secure systems in order to find weaknesses and help patch security flaws. It's also certainly a novel solution to a vast and complicated problem.

Exactly how the "hack" was carried out remains unclear. Nohl reportedly declined to name the carriers.

(via CNN)