Saturday, August 03, 2013

Carriers close SIM vulnerability by hacking into their own SIMs

The flaw in the encryption technology used in some -- not all -- SIM cards, one which could allow a hacker to take over a mobile device, has been fixed in a clever fashion. Karsten Nohl of Security Research Labs in Germany, speaking at the Black Hat Security Conference on Wednesday, said that at least five carriers had closed the hole by using the same vulnerability to hack into their own SIMs and rewrite the software.

Nohl declined to name the carriers involved.

Earlier, Nohl had said the flaw he had discovered existed in the encryption method called the Data Encryption Standard (DES), which was developed in the 1970s. His testing showed that about 25 percent of the SIM cards using DES encryption were vulnerable to the hack.

Nohl said he was able to hack into a device via its SIM card in about two minutes. The flaw allows hackers to obtain a SIM card’s digital key. Once that key was obtained, Nohl said, he was able to infect the SIM card with a virus through a text message.

Through the virus, he was able to eavesdrop on calls, make purchases through mobile payment systems, and even impersonate the phone's owner.

Physically replacing millions of vulnerable SIMs would have been a costly and complex undertaking for carriers. Instead, the carriers that have already provided a fix adopted a hacker's mindset: using the same Java vulnerability Nohl discovered, they hacked into their own SIMs and rewrote parts of their operating systems.

Nohl was pleased by the quick response of carriers. He said:
They're adopting hacking methods to make it more secure. Abusing the Java vulnerabilities to update the card is the neatest outcome of this.
