A very talented security researcher named Karsten Nohl has discovered what could be a major vulnerability in millions of mobile phones. He’s found a way to extract a secret from the SIM card. (He found another vulnerability, too, that may be even more serious. We’ll look at that another time.)
This vulnerability can be found in many GSM phones, mostly older ones. GSM is the Global System for Mobile Communications. The SIM (Subscriber Identity Module) is a small memory card that holds encryption keys, possibly your contacts, and possibly payment information such as your VISA card number. The SIM card is essential to normal operation of your phone – without it the phone can only make emergency calls. All that information is accessible when this vulnerability is exploited. In fact it allows the entire phone to be compromised or cloned.
What Nohl discovered was a way to recover the DES (Data Encryption Standard) encryption key stored in the SIM. The method is quite clever. Basically it works like this (yes, this is oversimplified): first, the attacker sends the phone a binary SMS (Short Message Service) message telling the phone to do something.
It turns out that there are multiple types of SMS messages. We are all familiar with the ones used to chat with other devices. Another type is a binary message that asks the phone to do something specific. These are not seen by the user, and they must be authenticated to the phone by knowing the phone’s key. If the message can’t be authenticated, an error message is generated. That error message can be sent unencrypted but with a hash (they call it a “Cryptographic Checksum”) generated using the DES key. While some phones don’t sign the message, many do.
The problem is that the key is a 56-bit DES key. Combined with the fact that the phones all send the same error message, this makes it easy to discover the key in use. Nohl appears to use a rainbow table to make searching for the key faster. (We discuss rainbow tables in Learning Tree Course 468, System and Network Security. Essentially, one could compute the key by rehashing the message using each of the 2^56 possible keys, or one could store all 2^56 possible hash values. Rainbow tables store some of the values, so only a few need to be tested to find the correct value.) He can find the key in about two minutes on a standard PC.
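To make the mechanism concrete, here is an added Go illustration (not code from the original post or from Nohl’s work) of why a reply that never changes, signed with a short key, is dangerous: a precomputed checksum-to-key table built once answers the question for every phone. The message bytes, the DES CBC-MAC construction standing in for the “cryptographic checksum”, and the toy 2^16 key space are all constructed assumptions; real DES has 2^56 keys.

```go
package main

import "crypto/des"
import "fmt"

// Constructed stand-in for the constant error reply (the real format is not on the page).
var ErrorMsg = []byte("ERR-AUTHFAIL0001") // two 8-byte blocks

// DesCBCMAC models the "cryptographic checksum": DES CBC-MAC, zero IV, len(msg) a multiple of 8.
func DesCBCMAC(key, msg []byte) [8]byte {
	block, err := des.NewCipher(key)
	if err != nil {
		panic(err) // only reachable with a key length other than 8 bytes
	}
	var mac [8]byte
	for i := 0; i < len(msg); i += 8 {
		for j := 0; j < 8; j++ {
			mac[j] ^= msg[i+j]
		}
		block.Encrypt(mac[:], mac[:])
	}
	return mac
}

// KeyFromIndex spreads a 16-bit index over the key bits of the last three bytes (DES ignores
// each byte's low parity bit). Toy space: 2^16 keys, built in under a second; real DES has 2^56.
func KeyFromIndex(n uint16) []byte {
	return []byte{0, 0, 0, 0, 0, byte(n>>14) << 1, byte((n>>7)&0x7f) << 1, byte(n&0x7f) << 1}
}

// BuildTable precomputes checksum -> key index for one fixed message. Because the reply never
// changes, it is built once and reused against every phone; a rainbow table is the compact form.
func BuildTable(msg []byte) map[[8]byte]uint16 {
	table := make(map[[8]byte]uint16, 1<<16)
	for n := 0; n < 1<<16; n++ {
		table[DesCBCMAC(KeyFromIndex(uint16(n)), msg)] = uint16(n)
	}
	return table
}

func main() {
	table := BuildTable(ErrorMsg)
	secret := KeyFromIndex(0xBEEF) // the phone's key, unknown to the observer
	n, ok := table[DesCBCMAC(secret, ErrorMsg)]
	fmt.Printf("constant reply: key index %#x recovered=%v\n", n, ok)
	// A per-reply nonce defeats the precomputed table, not brute force: the 56-bit key is the root problem.
	_, ok = table[DesCBCMAC(secret, append([]byte("NONCE-42"), ErrorMsg...))]
	fmt.Println("nonced reply: recovered =", ok)
}
```

The second lookup shows that varying the signed reply only removes the shortcut of a reusable table; with a 56-bit key, exhaustive search remains feasible, which is why a longer key (3DES or AES) rather than a changed message is the real fix.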
What does all this mean? It means that millions of phones around the world are subject to compromise. I don’t know which ones those are and I doubt we’ll see a complete list any time soon. I do hope vendors will say “Don’t worry about this if you have a XXX phone.” I have seen estimates that a fix would cost about USD 1.00 per phone. That isn’t a lot until you start thinking about millions of phones…
Here’s an article from Dark Reading with some more information. I hope this issue (and the other one Nohl found) will be resolved soon as so many of us rely on our phones. If you have any thoughts on this vulnerability, please share them in the comments below.