DES encryption leaves SIM cards vulnerable to exploitation

A German security researcher has cracked the outdated security used by older SIM cards.
Written by Chris Duckett, Contributor

Karsten Nohl, the founder of Berlin's Security Research Labs, has announced an exploit for SIM cards using the outdated 56-bit DES algorithm for its signature verification.

The security researcher found that it was possible to exploit the SIM card's SMS over the air (OTA) update system that is built with Java Card — a subset of Java that allows applets to run on small memory devices.

"OTA commands, such as software updates, are cryptographically secured SMS messages, which are delivered directly to the SIM," said a blog post on SRLabs.de.

"While the option exists to use state-of-the-art AES or the somewhat outdated 3DES algorithm for OTA, many (if not most) SIM cards still rely on the '70s-era DES cipher."

DES is no longer recommended for modern-day use, after being shown to be breakable in 1998. The DES cracker used by the Electronic Frontier Foundation (EFF) in 1998 took 56 hours to complete the brute-force attack; Nohl was able to crack the DES encryption in two minutes on a modern computer with the use of rainbow tables.

The attack vector that Nohl used starts by sending an improperly signed binary SMS to the target device, which will not be executed by the SIM because of a signature verification failure, but sometimes a target will respond with an error code that contains the device's cryptographic signature.

Once this signature is resolved using a rainbow table, the DES key is known within a couple of minutes.

From this point, the attacker is able to send properly signed binaries that could allow them to download Java Card applets, send SMSes, change voicemail numbers, and query location data.

The SIM can also be cloned and used in a variety of mobile payment solutions that rely on payment credentials stored in the SIM.

Three options for a better defence against the attack are noted in the blog post. The simplest is updating the cryptographic algorithms used in SIM cards, with an alternative being the addition of a handset SMS firewall to allow users to select which sources of binary SMS to trust. The final recommendation was for the network carriers to filter binary SMS sources themselves.

Up to 750 million phones may be vulnerable, Nohl told The New York Times.

"We can remotely install software on a handset that operates completely independently from your phone," Nohl told the NYT. "We can spy on you. We know your encryption keys for calls. We can read your SMSes. More than just spying, we can steal data from the SIM card, your mobile identity, and charge to your account."

Nohl came to prominence in 2009 when he cracked the algorithm used to encrypt calls made on GSM networks.

The research will be presented by Nohl at the upcoming BlackHat conference on July 31.

Editorial standards