The recently outed security vulnerability in subscriber identity module (SIM) cards is not linked to the spate of SIM-swap related Internet banking fraud recently reported in South Africa.
News emerged on Monday (22 July 2013) that Security Research Labs (SRLabs), headed up by Karsten Nohl, disclosed a vulnerability that could allow attackers to spy on, or defraud cellphone users.
“We become the SIM card. We can do anything the normal phone users can do,” Nohl told Reuters.
This includes making calls and sending SMS messages impersonating a hacked SIM. These calls could be placed to premium numbers, earning hackers money by defrauding subscribers.
Another way a user could be defrauded is by intercepting random verification number (RVN) text messages, such as those used by many banks in South Africa.
Fraudsters would need to know your Internet banking credentials in addition to hacking your phone, information which local banks say scammers get using phishing attacks.
Though the newly discovered attack is suited to this kind of Internet banking fraud, Vodacom and Cell C said that scammers combined data from phishing with fraudulent SIM swaps; the SIMs themselves were not hacked.
SIMs using ancient DES algorithm affected
In media interviews, Nohl has said that the vulnerability appears to be linked to SIMs that use the older Data Encryption Standard (DES).
DES has been considered insecure for some time after it was found that it could be cracked using a brute-force attack due to its short 56-bit keys.
A brute-force attack searches through every possible key to find the right one, which in the case of DES’s 56-bit key means going through over 72 quadrillion (2^56, or about 7.2058×10^16) keys.
Security researchers have shown that it is possible to build a machine that can do this in less than a day. In a blog post on the SRLabs website, the company explained that DES keys can be cracked even faster using rainbow tables.
What Nohl and his team discovered was a way to exploit the insecurity of DES in older SIMs without physical access to the SIM, knowing only its phone number.
Nohl told RT that he stumbled upon a flaw in the over-the-air (OTA) commands supported by these SIMs after sending certain incorrect commands to them.
The error messages returned by the SIM to the hacker upon being issued these unknown commands contain its cryptographic signature.
Using rainbow tables, SRLabs said this signature was easily resolved to a 56-bit DES key in two minutes on a standard computer.
This DES key is all a hacker needs to defraud or spy on a user of a vulnerable SIM card, SRLabs said.
To crown it all, OTA commands are sent to phones as a binary SMS which is invisible to the user, as phones do not indicate that they are receiving them.
Defence against the SRLabs SIM attack
SRLabs goes on to offer some recommendations on its blog to defend against the vulnerability it discovered.
The first thing operators and vendors should be looking at is better SIM cards that use state-of-the-art cryptography with sufficiently long keys. SIMs should not disclose signed plaintext messages to attackers and must implement secure Java virtual machines.
Some cards already come close to this objective, but SRLabs said that the years needed to replace vulnerable legacy cards warrant supplementary defences:
- Handset SMS firewall. One additional protection layer could be anchored in handsets: Each user should be allowed to decide which sources of binary SMS to trust and which others to discard. An SMS firewall on the phone would also address other abuse scenarios including “silent SMS.”
- In-network SMS filtering. Remote attackers rely on mobile networks to deliver binary SMS to and from victim phones. Such SMS should only be allowed from a few known sources, but according to SRLabs most networks have not implemented such filtering yet. “Home routing” would also improve customer privacy when roaming as it would provide protection from remote tracking.
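As an added illustration (not code from the article or from SRLabs) of the "SMS firewall" idea in both recommendations above, the following Python policy decides whether a binary SMS aimed at the SIM, or a "silent" Type 0 SMS, should be delivered, held for the user's decision, or dropped. It assumes the message headers have already been decoded from the PDU; the trusted-source list and sample messages are constructed for illustration.

```python
from dataclasses import dataclass

# TP-PID values from GSM 03.40 (assumed correct for this example)
PID_SIM_DATA_DOWNLOAD = 0x7F   # (U)SIM Data Download: payload goes to the SIM, not the user
PID_TYPE_0 = 0x40              # "Type 0": acknowledged but never shown ("silent SMS")

@dataclass(frozen=True)
class SmsHeader:
    originator: str   # TP-OA: sending number or short code
    pid: int          # TP-PID: protocol identifier
    dcs: int          # TP-DCS: data coding scheme

def targets_sim(pid: int, dcs: int) -> bool:
    """True if the message is addressed to the SIM rather than the user.
    Message class 2 in GSM 03.38 is 'SIM specific'; class bits are bits 1-0."""
    if pid == PID_SIM_DATA_DOWNLOAD:
        return True
    group = dcs >> 4
    if group == 0xF:                      # 'data coding / message class' group
        return (dcs & 0x03) == 2
    if (group & 0xC) == 0 and (dcs & 0x10):   # general group with class bit set
        return (dcs & 0x03) == 2
    return False

def firewall_decision(msg: SmsHeader, trusted_ota_sources: set) -> str:
    """Handset-side (or in-network) policy:
    DELIVER  - ordinary text, or SIM-bound binary SMS from a trusted OTA source
    HOLD     - SIM-bound binary SMS from an unknown source; user decides
    DROP     - silent Type 0 SMS, which has no legitimate use for the subscriber"""
    if msg.pid == PID_TYPE_0:
        return "DROP"
    if targets_sim(msg.pid, msg.dcs):
        return "DELIVER" if msg.originator in trusted_ota_sources else "HOLD"
    return "DELIVER"

# Constructed sample traffic: one plain text, two OTA binaries, one silent SMS
TRUSTED = {"OTA-GATEWAY"}                 # placeholder operator OTA source
SAMPLES = [
    SmsHeader("+27820000000", 0x00, 0x00),   # plain 7-bit text -> DELIVER
    SmsHeader("OTA-GATEWAY", 0x7F, 0xF6),    # OTA from operator -> DELIVER
    SmsHeader("+27831111111", 0x7F, 0xF6),   # OTA from stranger -> HOLD
    SmsHeader("+27832222222", 0x40, 0x00),   # silent Type 0     -> DROP
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s.originator, hex(s.pid), hex(s.dcs), firewall_decision(s, TRUSTED))
```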
Vodacom, MTN, and Cell C respond
MyBroadband asked South Africa’s mobile network operators whether they have SIMs on their network that still use DES, and three of the four responded.
“With the help of our SIM vendors, we have assessed the impact of this research, and we are putting in place a comprehensive set of measures to ensure that our customers are fully protected,” a spokesperson for Vodacom said. “Vodacom takes its customers’ security extremely seriously.”
Neil Tomkinson, GM of service delivery at MTN SA, said that MTN too is in contact with its SIM vendors and upholds high security standards in its services.
“Initial investigations indicate none of the current MTN subscribers are at risk,” Tomkinson said.
Cell C said that it has been working closely with the GSMA to review this latest security threat.
According to Cell C, it has proactively started an auditing process to determine if any of the older SIMs are vulnerable to this security risk and if so, how many are active on its network.
“Cell C will implement the necessary measures to safeguard our subscribers against this latest known security threat, should we find that any of our customers are at risk,” a spokesperson for the network told MyBroadband.
Telkom Mobile mum on security concerns
Telkom Mobile did not respond by the time of publication.