DES Encrypted SIM Cards Vulnerability: Is It As Dangerous As It Seems?
Recently we've had a question, at our wiki QA service, regarding vulnerable DES encrypted SIM cards and the ways of protection. The news about that exploit have been all over the web and Google gives hundreds of thousands results for «750 millions of vulnerable SIM cards». In this article we at Jammer-Store will try to clarify how that exploit works and is it really dangerous.
Well, in a matter of fact, that vulnerability is not as dangerous as the media try to describe it. We also have to explain, that there is no virus, that is able too hack SIM cards, simply because viruses are able to make copies of themselves and spread them further. In case of successful exploitation of the DES vulnerability, compromised SIM card won't be able to infect others. So, basically it is a method of remote attack on your smartphone.
Some specifications
Such a remote attack pattern may be successful, if the targeted SIM meets the following specifications:
1. OTA (Over-The-Air) Support. It is a technology that allows to control a SIM card remotely, by sending a special binary messages to it. With help of those binary messages your carrier is able to:
- edit SIM-menu and save new offers from content providers at your SIM card;
- edit the name of the network, that is displayed on the screen, some carriers have used that for rebrending;
- save and configure the list of top priority networks for roaming.
2. SIM card must support PoR (proof of receipt) – that's a feature that responds OTA commands and sends messages with the results back. Not just any SIM has such a feature.
3. OTA messages must be encrypted with DES algorithm.
Java cards
Reading or sending SMS, making calls is possible only if a victims SIM card supports Java card. It is a special programming language, which allows to create standard programs for SIM cards. The cost of a SIM card with Java support is a little bit higher than the price of standard cards, so many carriers simply don't use them.
So, now we came to the point, where I'll try to provide you with a suitable solution for that problem, if you think that it may touch you. First of all we have to say that malicious OTA-messages can be blocked at the network level, with using some kind of a firewall, which is able to block messages with specific features, when they try to come through th SMS center. If carriers will implement that – malicious messages just won't reach the victim's phone. But not just any operator will do so, for example, Verizon has already shown his care about personal data of its users.
Updating SIM cards
Second way is to update the SIM card with those OTA-messages. Your carrier can update your cards encrypting algorithm form DES to 3DES and block the possibility of installing third-party Java applets. Also, you can change your SIM card to a better protected one, that doesn't have such an exploit. Another solution will be using a cell phone signal jammer, if you suspect that your phone is compromised.
Luckily, Karsten Nohl, who has discovered that exploit, is a so called “white hacker”. He haven't published the info about the exploit and passed it to GSM association, which informed all the major carriers about it. So we hope that mobile carriers have taken measures to secure our private data, because otherwise it will be our priority.