SIM cards are broken

Today’s news is that Karsten Nohl did it again. This German security researcher is slowly, but constantly rising in my eyes to become one of those few heroic people that I think are changing and shaping our world to make it better. I simply love his work and his results, they are just plainly fenomenal.

Now he did it again, he cracked yet another aspect of GSM-3G which hasn’t really been looked at. He was able to remotely crack the encryption key of a SIM card and then get root access on it, meaning that he is able to modify the applications running the SIM card and also install new applications for example a malware on it.

This actually leads to sending SMS in the name of the victim, or actually cloning the whole card (some cards’ Java Sandboxes could be bypassed leading to a full memory access of the SIM card).

With the rise of new NFC payment systems which use SIM card Java Apps to perform authorization of payments this kind of access and behavior is certainly frightening.

Read the whole story at Forbes