An outdated encryption standard may leave millions of phones open to spying, a cryptographer with Security Research Labs intends to demonstrate at the Black Hat security conference in Las Vegas.
Security researcher Karsten Nohl managed to make a SIM card reveal its location and grant him access to some of the handset's functions.
Of the roughly 7 billion SIM cards worldwide, many still use DES (Data Encryption Standard), a weak cipher from the 1970s that poses little obstacle to anyone seeking the key used to sign content protected with DES.
To extract a DES over-the-air (OTA) key, the researcher sent a binary SMS to the targeted device. "The SIM does not execute the improperly signed OTA command, but does in many cases respond to the attacker with an error code carrying a cryptographic signature, once again sent over binary SMS. A rainbow table resolves this plaintext-signature tuple to a 56-bit DES key within two minutes on a standard computer," the researcher explains in a blog post.
With the operator's key in hand, an attacker can send properly signed binary SMS messages to write malicious firmware updates over the air, push fake updates, force devices to run malicious or dangerous applications, and ask for the location of the phone.
In response, the GSM Association, a mobile communication trade group, said "there is no evidence to suggest that today's more secure SIMs, which are used to support a range of advanced services, will be affected," implying that only SIMs still relying on the older encryption standard are exposed to spying.
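Whether a SIM falls into the "older" or "more secure" category comes down to which algorithm its OTA key sets declare. As an added example (my own code, not the article's or Security Research Labs' tooling), the following Python decodes the security header of an over-the-air command packet and flags key sets that still declare single DES; it assumes the SPI/KIc/KID bit coding of 3GPP TS 03.48 / 23.048 as I recall it, and the packet bytes are constructed for illustration.

```python
# Added example for the article above (my code, not Security Research Labs' tooling):
# decode the security header of a 3GPP TS 03.48 / 23.048 OTA "command packet" so an
# operator or auditor can flag SIM key sets that still declare single DES.
# ASSUMPTIONS: the SPI/KIc/KID bit coding is my reading of the spec, and the
# packet bytes are constructed for this example, not captured from a network.

HEADER_FIXED = 2 + 1 + 2 + 1 + 1 + 3 + 5 + 1  # CPL CHL SPI KIc KID TAR CNTR PCNTR
ALGO = {0b00: "implicit", 0b01: "DES", 0b10: "AES", 0b11: "proprietary"}
DES_MODE = {0b00: "DES-CBC", 0b01: "3DES-2key", 0b10: "3DES-3key", 0b11: "DES-ECB"}
INTEGRITY = {0b00: "none", 0b01: "RC", 0b10: "CC", 0b11: "DS"}

def describe_key_byte(b: int) -> dict:
    """KIc/KID byte: b1-b2 algorithm, b3-b4 DES variant, b5-b8 key set number."""
    algo = ALGO[b & 0b11]
    mode = DES_MODE[(b >> 2) & 0b11] if algo == "DES" else None
    # A single-DES variant means a 56-bit key, the weakness the article describes.
    single = mode in ("DES-CBC", "DES-ECB")
    return {"algorithm": algo, "mode": mode, "keyset": b >> 4, "single_des": single}

def audit_command_packet(pkt: bytes) -> dict:
    """Parse the fixed header fields and report whether single DES is declared."""
    if len(pkt) < HEADER_FIXED:
        raise ValueError("too short for a command packet header")
    spi1 = pkt[3]                     # first SPI byte: integrity type and ciphering flag
    kic = describe_key_byte(pkt[5])   # key indicator for ciphering the payload
    kid = describe_key_byte(pkt[6])   # key indicator for the RC/CC/DS
    integrity = INTEGRITY[spi1 & 0b11]
    ciphered = bool(spi1 & 0b100)
    weak = (ciphered and kic["single_des"]) or (integrity != "none" and kid["single_des"])
    return {"cpl": int.from_bytes(pkt[0:2], "big"), "chl": pkt[2],
            "tar": pkt[7:10].hex(), "counter": int.from_bytes(pkt[10:15], "big"),
            "integrity": integrity, "ciphered": ciphered,
            "kic": kic, "kid": kid, "single_des_in_use": weak}

# Constructed sample: payload ciphered with 2-key 3DES (KIc=0x15) but the
# cryptographic checksum keyed with single DES in CBC mode (KID=0x11).
WEAK_PACKET = bytes.fromhex("0015" "15" "1621" "15" "11" "b00010"
                            "0000000001" "00" + "00" * 8 + "d0")
# Same header with both key sets declaring AES (b2b1 = 10 in later releases).
STRONG_PACKET = bytes.fromhex("0015" "15" "1621" "12" "12" "b00010"
                              "0000000001" "00" + "00" * 8 + "d0")
```

Run over a fleet's OTA profiles or captured command packets, `single_des_in_use` separates the key sets an operator needs to migrate from those already on 3DES or AES.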