Mobe SIM crypto hijack threatens millions: Here’s HOW IT WORKS
by Bill Ray, theregister.co.uk
July 22nd 2013
You’ll kick yourself when you know how
Analysis A German researcher reckons he can take control of your phone’s SIM card and hijack the handset by cracking the encryption on the device.
But he’s not alone: network operators have long been able to do just that, and a careful look at how that’s possible makes the long-standing security of GSM phone networks all the more remarkable.
GSM networks are secured by shared secrets. A unique cryptographic key is issued to each subscriber and embedded in their phone’s SIM card; a copy of that key is held by the network allowing mutual authentication by symmetric encryption (the same key is used at both ends).
Despite successful assaults on other parts of the GSM infrastructure those private keys have remained beyond the grasp of hackers, at least until now.
Pedigree security researcher Karsten Nohl has apparently discovered two unrelated flaws in implementations of the GSM standard that (when combined) could leave millions of SIM cards vulnerable to attack. Such attacks could permit call interception, and threaten the security of NFC applications (such as pay by wave) just as the tech is on the cusp of going mainstream.
Getting the secret key off a SIM isn’t easy – but increases in computing power have combined with poor implementations to create the first flaw exploited by Nohl, which reveals the secret key that should be known only to the network operator and the SIM.
Nohl’s crack uses an SMS message addressed to the SIM, and unseen by the user. This is normal enough; these messages come in four classes (0-3) addressed to the user, the handset, the SIM, and a tethered device respectively. Class 0 is the one we all know and love, but Class 2 (addressed to the SIM) remains surprisingly popular even if the other classes are all but forgotten.
The most common Class 2 message contains changes to the list of preferred roaming partners, to reflect new deals between operators, but the Global Platform standard permits anything, even the entire operating system, to be changed using signed Class 2 messages.
Such radical updates are rare, but they have happened and are secured using that shared secret, so knowledge of the key confers significant power.
This should already be setting off alarm bells
Nohl’s crack starts with a malformed Class 2 message. Anyone can send such a message using a software SMS Centre (SMSC), or even an old handset as some permitted a user-selected class. That message is rejected by the receiving SIM as it’s not signed, usually the message is just discarded but some SIMs apparently respond with a digitally signed error message that can be used to reveal their secret key.
Digital signatures shouldn’t reveal the keys used to sign them; that would defeat the object, but in this case it seems that some do.
The digital signature sent over with the error message is a one-way hash: a fixed-length summary of the message that is generated by the phone using the secret key.
This allows the receiver of the message to verify it is genuine and trustworthy: the receiver calculates a hash value using its copy of the secret key and the received message data. If that calculated value matches the hash included with the message then all is well – the secret keys at both ends must match.
But Nohl’s team has a rainbow table to deduce the secret key from the signature.
The error message is a standard one – it doesn’t change between handsets – so by generating a list of every possible key value, a rainbow table of every possible hash value can be calculated for this one particular message. So an attacker simply takes the signature from the phone and looks it up in the rainbow to discover the secret key.
Every bit of a key doubles the size of the rainbow table, and such techniques rapidly become impractical as keys get bigger, but some older SIMs are using 56-bit keys and old-style DES encryption which combines to make the rainbow technique viable, and where that happens the secret key can be quickly discovered.
Once you have the key, you can start signing your own command SMS messages to control a targeted mobile.
What can be done?
Operators can change the SIMs, and update the encryption, but users are surprisingly reluctant to slot a new SIM into their handsets – they become quite emotional about it, proud to be using decades-old chippery, which stalls upgrade programmes. It’s also expensive – adding a dollar to the cost of the SIM may seem like a small deal, but when a network has 10 million customers it becomes a significant expense.
Quite how many SIMs are using 56DES we don’t know; Kohl reckons to have tried a thousand over the last year or two and discovered a quarter are vulnerable. There’s no easy way to discover if a specific SIM is using 56DES, the operators store the information along with the keys, but the SIM won’t talk about the subject.
Armed with a key our miscreant can reprogram the SIM to do just about anything – redirect SMS messages, change the preferred network operator, run up enormous bills to premium-rate numbers and authenticate payments through services such as PayForIt. Modern SIMs can request an internet connection, furnished by the handset and generally without user interaction, through which our attacker can cause all sorts of mischief – though to get at the users’ bank details he’ll need Nohl’s second flaw.
Almost all SIMs (and credit cards) use JavaCard, a relation of Java still owned by Oracle, but having little in common with the cross-platform interpreted language beyond a bit of syntax. JavaCard is an operating system, not a language, and one which keeps applications (Cardlets, in the parlance) separated so they can’t talk to each other.
Nohl claims to have found a flaw in that separation, though he won’t be making the details public until next month’s Black Hat conference. Combining that flaw with possession of the secret key makes for a potent combination – pay-by-bonk applications, such as the one being launched by EE later this year, rely on the hitherto sacrosanct separation of JavaCard apps, so they’ll be a good deal of interest in Nohl’s talk from hat wearers of all colours.
GSM authentication, as opposed to encryption, has proved amazing resilient over the years. A fix for this problem will likely turn up pretty quickly with the ITU and GSMA falling over themselves to be associated with the solution, but if it needs replacement SIMs then that will be a longer process.
Operators should be quick to send out new SIM cards to customers still using 56DES, but the JavaCard vulnerability may prove harder to patch and we’ll get you details of that just as soon as we can. ®