Give me any phone number and there is some chance I will, a few minutes later, be able to remotely control this SIM card and even make a copy of it.
How this bug works

Telecom carriers send binary, over-the-air text messages to handsets, for example for billing or to confirm mobile transactions. The SIM card verifies that such a message really comes from the carrier by checking a cryptographic signature on it. Nohl sent messages that posed as the carrier but carried a bogus signature. In most cases (about 75% of the SIMs tested), the SIM recognised the bad signature and simply discarded the message. The remaining quarter, however, replied with an error message, and that reply was itself signed with the SIM's key using the 56-bit Data Encryption Standard (DES). A 56-bit key space is small enough to search with commodity hardware, so from one such signed reply Nohl could recover the SIM's secret signing key. With the key in hand, the second step of the attack is to send another, now correctly signed, message that makes the SIM install software capable of a range of malicious actions.
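The message at the heart of this attack is a GSM 03.48 over-the-air command packet: a short binary header inside an SMS that states which algorithm signs the payload (the KID byte), whether the payload is signed at all (first SPI byte) and whether, and how, the SIM must answer with a proof of receipt (second SPI byte). The Python script below is an added illustration, not code from Nohl's research or from the Forbes/NYT reports: it parses that header and flags the combination described above, a single-DES signing key together with a request for a signed proof of receipt, which is what makes a SIM hand the sender a DES-signed reply. The bit layouts follow the GSM 03.48 specification; the two sample packets, their TAR, counter, signature and payload bytes are constructed placeholders, not captured traffic.

```python
"""Audit the header of a GSM 03.48 over-the-air (OTA) command packet.

Added example: field layouts follow GSM 03.48 section 5.1; the sample packets
at the bottom are constructed for this script, not captured traffic.
"""
from __future__ import annotations

import struct
from dataclasses import dataclass

# KIc/KID byte: b2b1 = algorithm family, b4b3 = DES variant, b8..b5 = key set.
ALG_FAMILY = {0: "implicit", 1: "DES", 2: "reserved", 3: "proprietary"}
KID_DES_MODE = {0: "DES-CBC", 1: "3DES-2key", 2: "3DES-3key", 3: "reserved"}
KIC_DES_MODE = {0: "DES-CBC", 1: "3DES-2key", 2: "3DES-3key", 3: "DES-ECB"}
# SPI byte 1 b2b1: integrity on the command; SPI byte 2 b2b1: proof-of-receipt mode.
INTEGRITY = {0: "none", 1: "RC", 2: "CC", 3: "DS"}
POR_MODE = {0: "none", 1: "always", 2: "on-error", 3: "reserved"}

MIN_CHL = 13  # SPI(2) + KIc(1) + KID(1) + TAR(3) + CNTR(5) + PCNTR(1); RC/CC/DS follows


@dataclass
class CommandHeader:
    cpl: int
    chl: int
    spi1: int
    spi2: int
    kic: int
    kid: int
    tar: bytes
    cntr: bytes
    pcntr: int
    rc_cc_ds: bytes
    secured_data: bytes


def parse_command_packet(pkt: bytes) -> CommandHeader:
    """Split a command packet into its header fields, checking CPL and CHL."""
    if len(pkt) < 3:
        raise ValueError("packet too short for CPL and CHL")
    (cpl,) = struct.unpack(">H", pkt[:2])  # CPL counts every byte after itself
    chl = pkt[2]                           # CHL counts SPI through RC/CC/DS
    if cpl != len(pkt) - 2:
        raise ValueError(f"CPL {cpl} does not match actual length {len(pkt) - 2}")
    if chl < MIN_CHL or 3 + chl > len(pkt):
        raise ValueError(f"implausible CHL {chl}")
    hdr = pkt[3:3 + chl]
    return CommandHeader(
        cpl=cpl, chl=chl,
        spi1=hdr[0], spi2=hdr[1], kic=hdr[2], kid=hdr[3],
        tar=hdr[4:7], cntr=hdr[7:12], pcntr=hdr[12],
        rc_cc_ds=hdr[13:], secured_data=pkt[3 + chl:],
    )


def key_byte_info(b: int, des_modes: dict) -> tuple[str, str | None, int]:
    """Decode a KIc or KID byte into (algorithm family, DES variant, key set)."""
    family = ALG_FAMILY[b & 0x03]
    variant = des_modes[(b >> 2) & 0x03] if family == "DES" else None
    return family, variant, b >> 4


def audit(h: CommandHeader) -> list[tuple[str, str]]:
    """Return (code, explanation) findings for weak or key-leaking settings."""
    findings = []
    integrity = INTEGRITY[h.spi1 & 0x03]
    ciphered = bool(h.spi1 & 0x04)
    por = POR_MODE[h.spi2 & 0x03]
    por_integrity = INTEGRITY[(h.spi2 >> 2) & 0x03]
    kid_family, kid_variant, _ = key_byte_info(h.kid, KID_DES_MODE)
    kic_family, kic_variant, _ = key_byte_info(h.kic, KIC_DES_MODE)

    if integrity in ("CC", "DS") and kid_family == "DES" and kid_variant == "DES-CBC":
        findings.append(("weak-kid", "KID selects single DES: a 56-bit signing key"))
    if ciphered and kic_family == "DES" and kic_variant in ("DES-CBC", "DES-ECB"):
        findings.append(("weak-kic", "KIc selects single DES: a 56-bit ciphering key"))
    if por != "none" and por_integrity in ("CC", "DS"):
        findings.append(("signed-por", f"proof of receipt ({por}) must be signed: "
                         "the reply hands the sender a MAC over known plaintext"))
    if por != "none" and h.spi2 & 0x20:
        findings.append(("por-submit", "proof of receipt goes out as an SMS-SUBMIT"))
    return findings


def matches_key_leak_pattern(pkt: bytes) -> bool:
    """The precondition of the attack: single-DES KID plus a signed PoR."""
    codes = {code for code, _ in audit(parse_command_packet(pkt))}
    return {"weak-kid", "signed-por"} <= codes


def build_packet(spi1, spi2, kic, kid, tar, cntr, pcntr, sig, data) -> bytes:
    """Assemble CPL | CHL | header | secured data (helper for the samples)."""
    hdr = bytes([spi1, spi2, kic, kid]) + tar + cntr + bytes([pcntr]) + sig
    body = bytes([len(hdr)]) + hdr + data
    return struct.pack(">H", len(body)) + body


# Constructed samples: TAR, counter, the 8-byte "signature" and payload are placeholders.
COMMON = dict(tar=b"\x00\x00\x00", cntr=b"\x00\x00\x00\x00\x01", pcntr=0,
              sig=b"\x00" * 8, data=b"\xde\xad\xbe\xef")
# spi1=0x12: CC on the command, counter must exceed the SIM's.
# spi2=0x29: PoR always, PoR carries a CC, PoR sent via SMS-SUBMIT.
# kid=0x11: DES family, single DES in CBC mode, key set 1.
WEAK_PACKET = build_packet(spi1=0x12, spi2=0x29, kic=0x00, kid=0x11, **COMMON)
# spi2=0x21: PoR always but unsigned; kid=0x15: two-key triple DES, key set 1.
SAFE_PACKET = build_packet(spi1=0x12, spi2=0x21, kic=0x00, kid=0x15, **COMMON)

if __name__ == "__main__":
    for name, pkt in (("weak", WEAK_PACKET), ("safe", SAFE_PACKET)):
        print(name, "matches key-leak pattern:", matches_key_leak_pattern(pkt))
        for code, why in audit(parse_command_packet(pkt)):
            print("  ", code, "-", why)
```

Run as a script it reports the weak packet as matching the pattern and the safe one as not, with the individual findings under each. The same checks are the kind a carrier-side SMS filter could apply to inbound binary messages: a message from an unexpected source that asks for a signed proof of receipt under a single-DES key set is exactly the probe this attack relies on.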
What this bug can do

The software, once installed on the SIM card, can do numerous things: send text messages to premium-rate numbers, redirect incoming calls to other numbers, and even eavesdrop on calls. If the SIM is used to store bank account details or to carry out transactions, it can commit payment fraud as well. In short, the attacker can remotely do almost anything you can do from your phone. Because the attack targets the SIM rather than the handset, all smartphone operating systems (Android, iOS, BlackBerry) are equally affected. Conversely, since the bug only gives access to data stored on the SIM card, payment apps that keep their data outside the SIM are unaffected. Note that the vulnerability was found in SIM cards using the DES encryption method, which was developed in the 1970s and is still used in about half of the roughly 6 billion phones in daily use. With about a quarter of those DES SIMs answering the forged message, some 750 million phones (a quarter of roughly 3 billion DES SIMs) are exposed to this attack.
Possible solution

Mr. Nohl also noted that whether a given SIM flags the forged signature appears to be random, so there is no fixed method for telling which phones are actually vulnerable. Newer SIM cards that have adopted the stronger Triple DES (3DES) method are not affected by this attack. He has shared his findings with the GSMA and with SIM card makers and has also suggested that carriers deploy better filtering to detect the kind of messages he sent. Consumers whose SIM cards are more than three years old should ask their carrier for a replacement. Karsten Nohl will present his study and further details of the vulnerability at the Black Hat conference in Las Vegas, USA on July 31st.

Source: Forbes, NYTimes