Millions of Sim Cards are Vulnerable to Hackers

A flaw with mobile phones’ Sim card technology is putting millions of people at risk of being spied on and robbed, according to a leading security expert. Karsten Nohl has said he has found a way to discover some Sims’ digital keys by sending them a special text message. He warned criminals could potentially use the technique to listen in on calls or steal cash.

Industry organisation – the GSMA – said it was looking into the findings.

“Karsten’s early disclosure to the GSMA has given us an opportunity for preliminary analysis,” said a spokeswoman for the association, which represents global network operators. “We have been able to consider the implications and provide guidance to those network operators and Sim vendors that may be impacted. It would appear that a minority of Sims produced against older standards could be vulnerable.”

Mr Nohl has posted preliminary details of the vulnerability on the website of his company, Berlin-based Security Research Labs.

Sim (subscriber identity module) cards effectively act as a security token, authenticating a user’s identity with their network operator.  They also store a limited amount of data such as text messages, contacts’ telephone numbers and details used for some applications – including a number of payment and banking services.

Mr Nohl said he had found a way to discover the authentication code by sending a device a text message masquerading as a communication from the user’s mobile operator. The message contained a bogus digital signature for the network.  He said most phones cut contact after recognising the signature as being a fake – but in about a quarter of cases, the handsets sent back an error message including an encrypted version of the Sim’s authentication code.

The encryption is supposed to prevent the authentication code being discovered, but Mr Nohl said that in about half of these cases it was based on a 1970s coding system called Digital Encryption Standard (DES), which was once thought secure but could now be cracked “within two minutes on a standard computer”.

Once the attacker had this information, Mr Nohl said, they could upload malware to the Sim written in the Java programming language.  He said these could be used by the hacker to send texts from the device to premium rate numbers they had set up, to discover and listen in to the target’s voicemail messages and to track their location.

In addition, he warned that combined with other techniques, it could act as a surveillance tool. “Sim cards generate all the keys you use to encrypt your calls, your SMS and your internet traffic,” Mr Nohl told the BBC. “If someone can capture the encrypted data plus have access to your Sim card, they can decrypt it. Operators often argue that it’s not possible to listen in on 3G or 4G calls – now with access to the Sim card, it very much is.”

Mr Nohl said that his research suggested about an eighth of all Sim cards were vulnerable to the hack attack – representing between 500 million and 750 million devices.

Although Mr Nohl would not reveal at this time in which countries DES encryption remained most common, he did say that Africa-based users had particular cause for concern. “Here in Europe we use a Sim card to make phone calls and texts, but many people in Africa also use them for mobile banking,” he said. “Someone can steal their entire bank account by copying their Sim card. That adds a certain urgency because you imagine fraudsters would be most interested in breaking into their Sim cards – especially when it can be done remotely.”

Mr Nohl said he expected network operators would not take long to act on his study, and should be able to provide an over-the-air download to protect subscribers against the vulnerability.

The GSMA said that it had not yet seen the full details of his research, but planned to study it to pinpoint any issues that could be fixed. It added that “there is no evidence to suggest that today’s more secure Sims, which are used to support a range of advanced services, will be affected”.

The UN’s telecoms agency – the International Telecommunications Union – said that it would now contact regulators and other government agencies worldwide to ensure they were aware of the threat.

Mr Nohl said he planned to reveal more information about the vulnerability at the Black Hat security conference in Las Vegas later this month. However, he said he would not publish a survey showing which phone owners were most at risk until December to give operators an opportunity to address the problem.