Up to 750 million mobile phones around the world carry SIM cards that
contain a programming flaw that could leave their owners vulnerable to
fraud. The bug allows a hacker to remotely access personal data and
authorise illegal transactions within minutes.
The UN’s International Telecommunication Union is to send an
alert to all mobile phone operators after being presented with
“hugely significant” evidence of a design flaw by renowned
German code-breaker Karsten Nohl.
The bug affects the SIM card, the plastic circuit board that
contains key phone user data, which is considered to be the
most-secure part of the phone, and has not been hacked in a
similar fashion in a decade. By finding out the unique encryption
key of each SIM card with just one hidden text message, Nohl is
able to get complete remote control of an individual’s phone.
"We become the SIM card. We can do anything the normal phone
users can do," Nohl told Reuters. "If you have a
MasterCard number or PayPal data on the phone, we get that
too."
The flaw can be exploited both for financial fraud and for
surveillance.
“We can remotely install software on a handset that operates
completely independently from your phone. We can spy on you. We
know your encryption keys for calls. We can read your texts. More
than just spying, we can steal data from the SIM card, your
mobile identity, and charge to your account,” Nohl explained
to the New York Times.
The 31-year-old 'ethical hacker' Karsten Nohl breaks into secure
systems, exploiting their vulnerabilities, and then presents his
findings to companies, hoping they fix any issues before they are
identified by criminals.
Nohl says his team had been unsuccessfully attempting to breach
SIM cards since 2011, using over-the-air (OTA) programming –
unseen text messages that are sent by the mobile phone operator
to change settings on the phone of a user within their network.
“We had almost given up on the idea of breaking the most
widely-deployed use of standard cryptography,” admitted Nohl,
who says that SIM card tampering is the 'Holy Grail' for any
hacker.
In the end, the flaw was found by accident.
Nohl noticed that when he attempted to send certain incorrect OTA
commands, he would receive an error message that also contained
the unique encryption code belonging to that phone – its virtual
key. The code was easily decrypted – Nohl says the process takes
him one minute. With the phone now at his disposal, he could
command it to do anything from his own computer, without the user
ever suspecting anything was amiss.
The bug was not found in every SIM card tested – Nohl researched
more than a thousand – but he estimates that it is present in
about a quarter of SIM cards using Data Encryption Standard
(DES), a security standard that is being phased out but is still
used on about 3 billion active phones. That’s why Nohl estimates
that 750 million users might be in danger. What’s more, there is
no easy way for a DES SIM card owner to identify if their phone
is susceptible.
The security expert has already privately informed authorities
about his findings through a process called 'responsible
disclosure', and believes it will take hackers six months to
repeat his feat, giving manufacturers a head start. Nohl
will detail his break-in at Black Hat, a hackers' conference
that begins in Las Vegas at the end of July.
While leading companies have released statements acknowledging
the flaw, and saying that they are working to eradicate it,
authorities have urged calm among ordinary users, noting that no
criminal damage appears to have been done so far.
"This is not what hackers are focused on. This does not seem
to be something they are exploiting," reassured John Marinho,
Vice President of Technology and Cybersecurity at CTIA, the
leading US mobile industry group.
But whatever the immediate risks, the UN is less sanguine.
"These findings show us where we could be heading in terms of
cyber-security risks," ITU Secretary-General Hamadoun Touré
told Reuters.
http://rt.com/news/sim-mobile-nohl-hacking-389/