Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Security

Rooting SIM Cards 73

SmartAboutThings writes "Smartphones are susceptible to malware and carriers have enabled NSA snooping, but the prevailing wisdom has it there's still one part of your mobile phone that remains safe and un-hackable: your SIM card. Yet after three years of research, German cryptographer Karsten Nohl claims to have finally found encryption and software flaws that could affect millions of SIM cards, and open up another route on mobile phones for surveillance and fraud."
This discussion has been archived. No new comments can be posted.

Rooting SIM Cards

Comments Filter:
  • Rooting? (Score:1, Offtopic)

    by agm ( 467017 )

    "Rooting" has an entirely different meaning in new Zealand and Australia.

    • what? like the fanny-pack?
    • Re:Rooting? (Score:4, Funny)

      by mynamestolen ( 2566945 ) on Sunday July 21, 2013 @04:32PM (#44345269)
      either way, you're rooted
    • Re: (Score:2, Funny)

      by crutchy ( 1949900 )

      if you happen to be talking about android with an aussie and you tell them they should "get rooted" you might end up with a fist sanga

      • Or a date :)

    • Yeah don't fucking tell us or anything you tosser.

  • by Anonymous Coward on Sunday July 21, 2013 @05:01PM (#44345445)

    Yes, there actually is a JavaVM autonomously running inside the SIM card. Yes, the provider can install programs on the SIM card that interface with the phone through a standardized API. Yes, this hack enables the attacker to do the same. Yes, the JavaVMs are not secure and breaking out of the sandbox enables the attacker to read the master key which identifies the SIM. Yes, that means the attacker can run a software simulation of a SIM card with your secret SIM key and impersonate you vis-a-vis the network. Yes, all that is possible because some providers still deploy SIM cards that accept binary SMS which are signed with DES. Not 3DES, not AES, which are both in the standard as well, but 56 bit DE fucking S.

  • by Anonymous Coward

    I think we're good

  • by EEPROMS ( 889169 ) on Sunday July 21, 2013 @06:22PM (#44345899)
    Damn we have been busted.
  • So ... (Score:4, Funny)

    by ultrasawblade ( 2105922 ) on Sunday July 21, 2013 @07:21PM (#44346207)

    how much longer until I can install Debian on my SIM card?

  • ...was obviously not written by an Aussie... :-)
  • The whole idea of having an update feature in a SIM seems foolish to me. Do they have the same thing in credit cards that have a chip?
    • by Rich0 ( 548339 )

      The whole idea of having an update feature in a SIM seems foolish to me. Do they have the same thing in credit cards that have a chip?

      Yeah, I don't get it either. I also don't get why people do the same thing with NFC tags. I was looking at getting some and was really surprised to see that the phone is used to store data on the tag, and then later this data is used to trigger some kind of phone action. It would make a lot more sense to just stick a dumb GUID on the NFC chip and then just do a DB lookup on the phone to see what to do when it is scanned.

      Unnecessary complexity just leads to problems. The SIM card should just have a key b

      • Re: (Score:2, Informative)

        by Anonymous Coward

        There is a good and sound reason for writing the action instead of GUID on the tag: compatibility. When the NFC spec was being designed, operators were heavily lobbying towards a system you suggested where a GUID would cause a lookup. Unfortunately, the way they wanted to do was that *they* design what happens for the lookup, which would've resulted in a system that every NFC tag action would have been dependent on the operator that issued the tag and the phone. For example, going to an URL could force you

        • by Rich0 ( 548339 )

          Oh, for something like a payment tag that makes a lot of sense. I don't like the idea of having to go to the NFC consortium or tag vendor to have to do a lookup.

          I was referring more to tags that people put on things and program only to affect their own phone. If I want to associate a particular tag with turning on WiFi, why is it necessary to store "turn on wifi" in the tag, and what stops somebody else from storing "wipe phone" on the tag while I'm away from it?

  • Millions? (Score:4, Interesting)

    by wisnoskij ( 1206448 ) on Sunday July 21, 2013 @10:33PM (#44347121) Homepage

    So a very small percentage of all SIM cards then.

    • by 3247 ( 161794 )

      Actually, its "several millions" in Germany alone. The worldwide estimate is more like half a billion, according to this [golem.de] Golem.de article (in German).

  • by swillden ( 191260 ) <shawn-ds@willden.org> on Sunday July 21, 2013 @10:41PM (#44347171) Journal

    I clicked the link expecting to find something interesting and novel, perhaps something on par with Kocher's Differential Power Analysis attack, or better. But this guy spent three years to discover that there are a small number of ancient SIMs, not yet removed from service, which use 1DES for securing applet loading? Actually, I'm sure he did no such thing. Typical bad reporting, exacerbated by bad slashdot editing.

    It looks to me like his talk is really about countermeasures to mitigate the risk for these ancient SIMs, on the assumption that they can't be replaced immediately. That's worthy of research and a talk, though it's hardly front-page material.

  • by Chris Mattern ( 191822 ) on Monday July 22, 2013 @08:14AM (#44349545)

    The one unhackable part of your phone is the one that, if hacked, would enable you to defraud the phone company. Shows where the security priorties are, eh?

  • "Smartphones are susceptible to malware and carriers have enabled NSA snooping, but the prevailing wisdom has it there's still one part of your mobile phone that remains safe and un-hackable

    Whoever wrote this - the summary or the original article - has a severe attack of journalistic diarrhoea. They can't distinguish between "unhacked" and "unhackable".

    "Unhacked" means that no successful exploit has been reported ; "unhackable" means that an attack is impossible. I heard of an "unhackable" computing device

    • And having read TFA now, (the https://srlabs.de/rooting-sim-cards/ [srlabs.de] , not the regurgitated one) then the obvious call is the one suggested there : "2 Handset SMS firewall." Much more likely to be implemented on a useful time scale than either "1. Better SIM cards." or "3. In-network SMS filtering."

      So ... who is working on an Android firewall at the appropriate level? I see 48 demos, meetoos and other indistinguishable dreck.

Do you suffer painful hallucination? -- Don Juan, cited by Carlos Casteneda

Working...