Mobile Threat Catalogue

SIM Card Crypto Downgrade


Threat Category: USIM / SIM / UICC security

ID: STA-20

Threat Description: Management protocols built into SIM cards allow the cards to communicate with servers belonging to the service providers. This communication takes the form of messages that are not displayed on the phone but are forwarded directly to the SIM card without the user's knowledge. These messages are encrypted or protected by cryptographic signatures, and the over-the-air server and the SIM card use the same key. If attackers figure out the key and can trick the SIM card into thinking that they are the network provider, they can force the SIM card to use the old, weak DES algorithm and can subsequently decrypt communications between the device and the network operator. Once an attacker cracks the key, they can commit SMS fraud, circumvent caller ID checks, manipulate voicemails, redirect incoming calls and text messages, track and phish users, and install malware on their devices. [1]

Threat Origin

Rooting SIM Cards [2]

Exploit Examples

Rooting SIM Cards [2]

CVE Examples

Not Applicable

Possible Countermeasures

References

  1. B. Donohue, Weak Encryption Enables SIM Card Root Attack, Threatpost, blog, 1 Aug. 2013; https://threatpost.com/weak-encryption-enables-sim-card-root-attack/101557/ [accessed 12/03/2019]

  2. K. Nohl, Rooting SIM cards, presented at BlackHat, 2013. https://infocondb.org/con/black-hat/black-hat-usa-2013/rooting-sim-cards [accessed 7/27/22]