danieljon.es


Phone SIM cards are easily exploitable and overly intrusive

27/5/2015


The life of an individual in 2015 is vastly different from that of earlier decades in that everyone is lazy in some way or form; whether it be for work-related purposes or for easy access to your social media accounts, we all have a mobile phone that contains a piece of technology that is easily exploitable (taking advantage of software/hardware bugs and issues) and overly intrusive. Within our mobile phones, smart phone or not, we have all conveniently placed an extraordinarily powerful and smart device that can allow a hacker to take complete control of your phone: a SIM card. A SIM (subscriber identity module) card [1] is a piece of technology that everybody knows exists, yet hardly anyone can define what it actually does or how it works; they just know you need one to get onto Facebook. Believe it or not, the humble SIM card in your phone is a fully fledged computer and can host and run applications without your phone, and thus you, ever knowing. The alarming facts do not end there: your phone, whether it is a 2005 flip phone or the latest product from Apple with fingerprint identification to stop hackers, allows your telecommunications provider, or in the worrying case a hacker, to run applications on your SIM card, potentially allowing them to spy on your GSM [2] traffic, which includes your phone calls, SMS messages and Internet usage.

An eye-opening talk [3] by Karl Koscher and Eric Butler, given at Defcon 21 [4] (an American hacking conference), displayed for the first time the power and pure horror of what a SIM card is intentionally capable of doing when in the hands of a hacker. A single generic SIM card has power similar to that of a basic Arduino [5], with an alarmingly larger range of nefarious uses. These pieces of hardware contain an 8-bit AVR (microcontroller, similar to a computer's central processing unit), 256KB of ROM (program memory), 72KB of non-volatile (doesn't require power to retain data) EEPROM (flash-based storage; this is where the SIM card's programming is stored), 6KB of RAM, and operate at 20-30 MHz. To anyone with knowledge of computers and hardware these specifications are, to put it simply, astonishing; the possibilities of these devices are endless, and I cannot fathom how and why they have not yet been exploited on a large scale - as far as we know. As explained by Karl and Eric, to modify and flash (upload your own code to) a SIM card you need physical access to your victim's card, along with some easily obtainable hardware to communicate with the card. However, the flash-based storage on most newer SIM cards cannot be modified - so how can these devices be hacked in present-day 2015? They explained that you must start from the beginning. Karl and Eric purchased blank SIM cards, flashed their own code onto them and gave them out to willing citizens who amazingly accepted free SIM cards; this was of course a proof-of-concept operation and any recorded data was destroyed.

Unknown to many, a programming language known as Java [6] is found within most everyday pieces of hardware we take for granted, especially those that have one main function, such as a DVD player or the computer that controls the ice maker in a modern refrigerator. A SIM card is no exception; these pieces of hardware run a variation of Java known as 'Java Card' [7]. This programming language creates applets (the final compiled version of your code) that leave a small memory footprint, perfect for the specifications of a SIM card. Oracle, the current owner of this software, has released a free SDK [8] (software development kit) to those who are interested in developing applets. In theory this is great for those who are interested in the technology and do not have the funds to purchase licences; it does, however, allow malicious hackers to develop their own firmware for SIM cards that are intended to be distributed for free. SIM cards are given permission by the end user's mobile phone to run applications both on the SIM card and in the device's background without the consent of the owner. This is not an exploit or a mistake; this is how GSM phones are designed, and you are expected to have a legitimate SIM card. Early mobile phones are considered 'non-smart', meaning only one thread/process can run at any given time - think back to playing Snake on an old Samsung dot-matrix phone: you are about to beat your personal high score when somebody calls you; your game is closed and your score is lost. Because a phone was then single-threaded, your SIM card was important for processing incoming data such as phone calls and SMS messages, which would then alert your phone. This required a high level of permission and trust; sadly the technology and the single-threaded 'mind-set' are still around today, even in modern 'smart phones'.

Try it for yourself: if you own an iPhone, locate the menu item Settings -> Phone -> SIM Applications; if you are using an Android phone, head to your application list and select the item "SIM toolkit". These are applications that are currently installed on your SIM card and are running without your knowledge or permission. Having a malicious SIM card inserted into your phone will allow a hacker to run their own applets and intercept any incoming GSM data. Once you have an exploited card there is nothing that can be done with the exception of getting a new card - do not accept SIM cards from anyone unless they are behind a cash register and chewing gum; but you cannot really trust them either.
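To make concrete what the Java Card paragraph above describes, here is a minimal Java Card applet. It is added as an illustration and is not code from this post or from Koscher and Butler's talk; the package name, the class name EchoApplet, the class byte 0x80 and the instruction byte 0x10 are arbitrary choices made for the example. It shows the shape of code that runs on the card itself: the card's runtime calls install() once when the applet is loaded, then routes each command APDU the handset relays to process(), and the applet's data lives in the card's persistent memory, independent of the phone.

```java
package example;

import javacard.framework.APDU;
import javacard.framework.Applet;
import javacard.framework.ISO7816;
import javacard.framework.ISOException;
import javacard.framework.Util;

// Minimal Java Card applet (illustration only, not from the post).
// It answers one custom instruction with a fixed two-byte reply so the
// reader can see where card-resident code runs: entirely on the card,
// with the handset only relaying APDUs to and from it.
public class EchoApplet extends Applet {
    // Proprietary class byte and instruction value chosen for this example.
    private static final byte CLA_EXAMPLE = (byte) 0x80;
    private static final byte INS_GET_GREETING = (byte) 0x10;

    // Instance fields are allocated in persistent (EEPROM) memory on the
    // card, so this data survives power loss and phone swaps.
    private final byte[] greeting = { (byte) 0x48, (byte) 0x69 }; // "Hi"

    // Called once by the card runtime when the applet is installed.
    public static void install(byte[] bArray, short bOffset, byte bLength) {
        // bArray[bOffset] is the AID length; the AID bytes follow it.
        new EchoApplet().register(bArray, (short) (bOffset + 1), bArray[bOffset]);
    }

    // Called for every command APDU the handset forwards to this applet.
    public void process(APDU apdu) {
        // The SELECT that activates the applet needs no response body.
        if (selectingApplet()) {
            return;
        }
        byte[] buf = apdu.getBuffer();
        if (buf[ISO7816.OFFSET_CLA] != CLA_EXAMPLE) {
            ISOException.throwIt(ISO7816.SW_CLA_NOT_SUPPORTED);
        }
        switch (buf[ISO7816.OFFSET_INS]) {
            case INS_GET_GREETING: {
                short len = (short) greeting.length;
                // Copy the reply into the APDU buffer and send it back.
                Util.arrayCopyNonAtomic(greeting, (short) 0, buf, (short) 0, len);
                apdu.setOutgoingAndSend((short) 0, len);
                break;
            }
            default:
                ISOException.throwIt(ISO7816.SW_INS_NOT_SUPPORTED);
        }
    }
}
```

The applet only returns two bytes, so it is useful purely for seeing the lifecycle and the trust boundary: nothing in the phone's operating system inspects what process() does. The entries you see under the "SIM toolkit" menu the post tells you to check are applets of this kind that additionally register with the card's toolkit framework so they can present menus and react to events the handset passes down, which is the permission level the post is warning about.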

The story of the exploitable SIM card will not come to an end any time soon; they are simply too convenient to swap and replace, and they work exceptionally well. Even with the chillingly confronting information provided, you as the audience will not cease to use the seemingly humble SIM card, and ironically I myself will not either: we are the problem and the solution, and we must want things to change before they actually will. However, let's be honest: who actually cares about the alarming state of SIM card hacking? Our service providers do not, as the technology has not changed since the mid 1990s, and you probably won't tonight or tomorrow either - by the way, I have a few spare SIM cards with free unlimited data plans, would you like one?

[1] http://www.imore.com/what-is-sim-card
[2] http://studenttravel.about.com/od/globalcommunication/a/stayconnected_3.htm
[3] https://www.youtube.com/watch?v=31D94QOo2gY
[4] https://www.defcon.org/
[5] http://en.wikipedia.org/wiki/Arduino
[6] http://java.com/en/
[7] http://en.wikipedia.org/wiki/Java_Card
[8] http://en.wikipedia.org/wiki/Software_development_kit


page generated 10/4/2023 using websitegenerator in C