Saturday, September 14, 2013

New SIM Card Exploit

On the 19th July 2013 I posted http://trewmte.blogspot.co.uk/2013/07/android-ddms-vulnerability.html about knowing the exploits against, and understanding the originality and genuineness of, a handset and its (U)SIM card.

On the 22nd July Karsten Nohl released details of an exploit against older SIM cards (no specifics as yet) that still rely on single DES for their over-the-air (OTA) security. As The Inquirer put it, the card returned an 'error code that contained the device's cryptographic signature, a 56-bit private key. It was then possible to decrypt the key using common cracking techniques.' http://www.theinquirer.net/inquirer/news/2283935/sim-card-encryption-exploit-leaves-mobile-phone-users-vulnerable-to-hacking  A note on that wording: the key in question is a symmetric 56-bit DES key shared by the card and the operator's OTA platform, not a private key, and the error response does not carry the key itself but a DES cryptographic signature computed under it. Because the DES keyspace is only 2^56, a signature over content the sender already knows is enough to recover the key offline by brute force or precomputed tables.

Importantly, the article goes on to identify what an attacker holding the recovered key can then do, since that key is exactly what the card uses to decide that an OTA command really came from the operator.
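Below is an added illustration of the mechanism the reports describe, written for this post; it is not the original page's, SRLabs' or Nohl's code. It assumes a simplified secured-packet layout rather than the exact GSM 03.48 format, assumed status values, and a key search cut down to two unknown bytes so that it finishes in a fraction of a second (the real attack covered the full 56-bit space with precomputed tables). What it shows is the leak itself: a card that signs its error response (the proof of receipt, in 03.48 terms) under the same DES key hands the sender a known plaintext and its MAC, which is all a 56-bit key search needs, whereas a card that returns the error unsigned gives the attacker nothing to crack offline.

```go
package main

import (
	"bytes"
	"crypto/des"
	"encoding/binary"
	"fmt"
)

// Assumed, simplified secured-packet layout (not the field-for-field GSM 03.48
// format): 4-byte counter | 8-byte DES CBC-MAC over counter||payload | payload.
const (
	ctrLen          = 4
	macLen          = 8
	stOK       byte = 0x00 // response status values are assumed for this demo
	stWrongMAC byte = 0x01
)

// cbcMAC: single-DES CBC-MAC with zero IV and zero padding, the shape of the
// 03.48 cryptographic checksum when KID selects DES. DES ignores the low
// (parity) bit of each key byte, so only 56 of the 64 key bits matter.
func cbcMAC(key, data []byte) []byte {
	blk, err := des.NewCipher(key)
	if err != nil {
		panic(err) // key must be 8 bytes
	}
	buf := make([]byte, (len(data)+7)/8*8)
	copy(buf, data)
	mac := make([]byte, 8)
	for i := 0; i < len(buf); i += 8 {
		for j := range mac {
			mac[j] ^= buf[i+j]
		}
		blk.Encrypt(mac, mac)
	}
	return mac
}

func buildPacket(key []byte, counter uint32, payload []byte) []byte {
	ctr := make([]byte, ctrLen)
	binary.BigEndian.PutUint32(ctr, counter)
	signed := append(append([]byte{}, ctr...), payload...)
	pkt := append(append([]byte{}, ctr...), cbcMAC(key, signed)...)
	return append(pkt, payload...)
}

// simCard models the card. signErrors=true is the vulnerable behaviour: the
// response to a packet with a bad checksum is itself MAC'd under KID, so the
// sender receives a (known plaintext, MAC) pair under the key it is after.
type simCard struct {
	kid        []byte
	signErrors bool
	installed  [][]byte // payloads the card accepted as operator commands
}

// handle returns the response (counter||status) and its MAC; mac is nil when
// the card sends the response unsigned.
func (s *simCard) handle(pkt []byte) (resp, mac []byte) {
	if len(pkt) < ctrLen+macLen {
		return nil, nil
	}
	ctr, got, payload := pkt[:ctrLen], pkt[ctrLen:ctrLen+macLen], pkt[ctrLen+macLen:]
	status := stWrongMAC
	if bytes.Equal(got, cbcMAC(s.kid, append(append([]byte{}, ctr...), payload...))) {
		status = stOK
		s.installed = append(s.installed, payload)
	}
	resp = append(append([]byte{}, ctr...), status)
	if status == stOK || s.signErrors {
		mac = cbcMAC(s.kid, resp)
	}
	return resp, mac
}

// recoverKey is the offline known-plaintext search. Only the last `unknown`
// key bytes are searched so the demo is quick; the per-candidate test is what
// a full 2^56 search or a precomputed table performs. The first hit may differ
// from the real key only in the parity bits DES ignores.
func recoverKey(prefix []byte, unknown int, plain, mac []byte) ([]byte, bool) {
	cand := make([]byte, 8)
	copy(cand, prefix)
	limit := uint64(1) << uint(8*unknown)
	for v := uint64(0); v < limit; v++ {
		for i := 0; i < unknown; i++ {
			cand[8-unknown+i] = byte(v >> uint(8*(unknown-1-i)))
		}
		if bytes.Equal(cbcMAC(cand, plain), mac) {
			return append([]byte{}, cand...), true
		}
	}
	return nil, false
}

// attack: probe with a bad signature, crack the signed error response offline,
// then forge a command the card accepts as if it came from the operator.
func attack(card *simCard, knownPrefix []byte, unknown int) (key []byte, forgedAccepted bool) {
	probe := buildPacket(bytes.Repeat([]byte{0}, 8), 1, []byte("probe")) // wrong key => wrong MAC
	resp, mac := card.handle(probe)
	if mac == nil {
		return nil, false // unsigned error: no material to crack offline
	}
	key, ok := recoverKey(knownPrefix, unknown, resp, mac)
	if !ok {
		return nil, false
	}
	r2, _ := card.handle(buildPacket(key, 2, []byte("install-applet")))
	return key, r2[ctrLen] == stOK
}

func main() {
	kid := []byte{0x13, 0x57, 0x9b, 0xdf, 0x24, 0x68, 0xac, 0xe0} // demo OTA key, constructed
	key, ok := attack(&simCard{kid: kid, signErrors: true}, kid[:6], 2) // 6 "known" bytes only shrink the demo search
	fmt.Printf("signing card: recovered key %x, forged command accepted: %v\n", key, ok)
	_, ok = attack(&simCard{kid: kid, signErrors: false}, kid[:6], 2)
	fmt.Printf("non-signing card: forged command accepted: %v\n", ok)
}
```

Not signing error responses is only the narrow fix. The broader ones are to stop using single DES for KIc/KID at all (3DES is already defined in GSM 03.48, and the later ETSI TS 102 225 adds AES) and to make sure the card never applies a requested proof of receipt to a packet whose own checksum failed.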

What isn't clear is whether the exploit leads to a cloned SIM card operating live on the same network at the same time, and whether network detection fails to pick that up. Two caveats here: cloning in the strict sense needs the subscriber authentication key Ki, which is a separate key from the OTA signing key recovered by this attack, so that step would have to be demonstrated on its own; and detection has to mean more than noticing the duplicate at the VLR/HLR, namely decisive action such as call tear-down, blocking and suspending the IMSI subscriber.

Articles:
http://www.theinquirer.net/inquirer/news/2283935/sim-card-encryption-exploit-leaves-mobile-phone-users-vulnerable-to-hacking

http://nakedsecurity.sophos.com/2013/07/22/rooting-sim-cards-blackhat-speaker-says-he-may-be-able-to-own-your-phone-with-a-text-message/

http://thehackernews.com/2013/07/sim-card-cloning-hack-affect-750.html
For some background research materials specific to the GSM SIM regarding Java Card applets and updating the SIM over the air (OTA):
GSM 11.11 (SIM - ME interface, including the RUN GSM ALGORITHM authentication command)
GSM 11.13 (test specification for the SIM API for Java Card; the API itself is specified in GSM 03.19)
GSM 11.14 (SIM Application Toolkit, STK)
GSM 03.48 (security mechanisms for the SIM Toolkit: the secured packet format, the KIc/KID keys and the cryptographic checksum that this exploit targets)