SIM Hack Can Expose Cell Phones to Crooks

A German security research lab revealed surprising security flaws in SIM cards.

ByABC News
July 22, 2013, 12:14 PM

July 22, 2013— -- You're not going to get a text message asking to forward thousands of dollars to fund a Nigerian prince. However, new research from Security Research Labs in Berlin reveals that some phones' SIM cards are susceptible to attack.

Hackers can send a special type of SMS message (similar to a text message) that can fool cell phones and give the hacker free reign over the SIM card.

The SIM card (short for subscriber identification module) is more like a computer than a standard piece of hardware, with both memory and a central processor unit. "It's a tiny computer that [usually] runs Java," said Karsten Nohl, the Chief Scientist at Security Research Labs who will present his findings at the Black Hat USA conference later this month.

Whenever a company releases a SIM Card update, it does so using a binary SMS message. Unlike regular SMS messages that texters are familiar with, the binary SMS message is sent directly from the company to the SIM card. "It's used a lot in manufacturing functions," Nohl told ABC News.

Hackers first send out a binary SMS to the phone they are attacking. They receive an error message from the phone, but that error message is digitally signed with a cryptographic signature. The hacker can reverse engineer the signature to reveal a key, which can then be exploited to send their own text messages, change the phone's voicemail number, or install their own apps on that phone. "All in all, the process takes about three minutes," said Nohl.

Users who have been hacked won't immediately know it. "You'll know by the end of the month when your phone bill arrives," said Nohl.

Though Security Labs Research made their first public statement yesterday, Nohl says that they have been talking with European wireless networks about implementing better security measures, like stronger encryption protocols and SMS firewalls. However, talking with the public puts additional pressure on companies to address and fix these flaws. "Hopefully, our research was a reminder for companies to [upgrade their SIM card security]," he said. "It's a hack with no casualties."

Wireless providers in the United States have said that this hack isn't likely to affect their customers. A T-Mobile spokesperson said, "T-Mobile SIMs use the newer '3DES' technology, so customers will not be affected."

An AT&T spokesperson has also said, "AT&T SIM profiles are in line with GSMA recommendations and have employed triple Data Encryption Standard (DES) for nearly a decade."