Wednesday, August 14, 2013
Be Aware: SIM Card Hacking
According to Andrew Jaquith, CTO and SVP of Cloud Strategy at SilverSky, the most impressive presentation of Black Hat 2013 was Karsten Nohl’s SIM card hack demonstration, in which he accessed SIM cards (which identify a phone’s owner and store personal data) by exploiting flaws in the encryption keys and sending a hidden SMS text message. Jaquith noted that the presentation lived up to the hype as an impressive and strong piece of research.
“Nohl found that due to flaws in the way SIM cards communicate with mobile operator networks, an attacker could recover DES-encrypted secret keys and, in theory, inject signed malware into the phone's JavaCard. That could enable decryption of all calls, recovering data from banking apps that store data on the SIM, and reading everything on the SIM card, including getting all of the information needed to clone the SIM. I watched him "clone" a SIM card in real time. Any phone that has a SIM card could be at risk. This includes iPhones and Android devices on AT&T or T-Mobile networks in the US, and every European carrier. This was a very impressive body of research, and quite scary. The mobile operators are taking this issue very proactively; that shows just how serious the threat is.” — Andrew Jaquith,
