Long thought to be the most secure part of a mobile device, the SIM card, the part of the phone that stores parts of the mobile phone operating system as well as subscriber- and carrier-specific data, has been hacked. This is potentially very bad news for technologies such as mobile-based payment systems, like those based on near-field communications, because an attacker could gain superuser access to the contents of the SIM card, planting malware that could compromise such transactions.
The attack, which is the result of three years of work by Karsten Nohl, a cryptographer from Germany, takes advantage of the fact that some mobile carriers still use a very old encryption algorithm for these SIM cards called the Data Encryption Standard, or DES. DES was introduced in 1977 and was the de facto standard for encrypting sensitive data until the late 1990s. DES uses a 56-bit encryption key, which is way too small for today’s high-powered computers. In fact, using distributed computing, a cluster of processors can rifle through all possible 56-bit keys in about seven minutes until the correct one that decrypts the message is found.
Even the mobile carriers who are more on the ball use a successor to DES called Triple-DES (3DES). 3DES is basically DES on steroids. However, it is prone to another kind of assault called the “birthday attack”. The birthday attack, which plagues encryption algorithms that process data in small chunks rather than larger ones, enables an assailant to compose a different message from the one that he is trying to compromise that is able to fool the system into believing the counterfeit message is legitimate. It doesn’t appear that any mobile carriers yet use today’s encryption standard, AES, which is prone to neither brute-force-key-guessing nor the birthday attack.
Given a phone number or some other piece of data that would be encoded onto a SIM card encrypted using DES, Nohl used a popular password-breaking tool called rainbow tables to determine the key used to encrypt the card’s contents. Once in, Nohl was able to use the Java Card programming environment that is typically used to configure and edit these cards to plant malware on the them. The malware is able to make premium calls on behalf of the user, incurring additional charges on her bill. There is no reason, however, that other malware couldn’t be planted to do more nefarious things, such as compromise a mobile payment tool installed on the device or forward private email messages.
Research like this isn’t done for sport. Nohl and his colleagues “hack” to identify where the vulnerabilities lie so that technology manufacturers and developers can plug the holes before the bad guys take advantage of them. In this particular case, Nohl believes that the mobile carriers and the researchers helping them have about six months before would-be attackers figure out how to pull this off. Researchers and the mobile phone industry can use that time to figure out how to fix this vulnerability.
Cryptographers are computer scientists and mathematicians who play a vital role in keeping our computing ecosystem safer than it otherwise would be. At Lewis, our Computer Science students can take a variety of courses in computer security, including a course specifically about encryption. By learning how data is kept secure at the algorithmic level, our computer science students gain an understanding that helps them outwit the bad guys to keep our data secure. With an estimated 500 million phones at risk of the attack Nohl discovered, it is clear that we need to prepare more people who have this knowledge.