My Thoughts on Technology and Jamaica: Dr. Karsten Nohl reveals GSM Phones' SIM Cards can be hacked via a Text Message - Elysium of Jamaica’s nascent Mobile Money Banking and Cashless Society

Monday, July 22, 2013

“Sim cards generate all the keys you use to encrypt your calls, your SMS and your internet traffic. If someone can capture the encrypted data plus have access to your Sim card, they can decrypt it. Operators often argue that it's not possible to listen in on 3G or 4G calls - now with access to the Sim card, it very much is.”

Dr. Karsten Nohl, founder of Security Research Labs in Berlin, Germany, speaking to the BBC (British Broadcasting Corporation) on Sunday July 21st 2013 on the issue of SIM Hacking

Breaking News, folks! If you thought your Debit Card and Credit Card Hacks, especially those on the new, supposedly more secure RFID versions, were your main headache, especially if you live in a First World Country such as America, I’ve got more worries to pile on your plate. The video below is just a reminder.


The bearer of this bad news is Dr. Karsten Nohl, founder of Security Research Labs in Berlin, Germany and a PhD in Computer Science from the University of Technology. His name should be familiar to you, especially if you follow Hacking and the Research Branch of Telecoms. And here’s Dr. Karsten Nohl along with his PhD Research Credentials:


He’d revealed back in April 2010 that it’s easy to hack the 64-bit A5/1 Codebook schema of GSM (Global System Mobile) Voice Networks using off-the-shelf hardware and Open Source software and eavesdrop on conversations, as explained in “Q&A: Researcher Karsten Nohl on Mobile eavesdropping”, published January 1, 2010 4:00 AM PST by Elinor Mills, CNET News.

Now it’s 2013 and he’s up to no good again, with news to rock your world or at least reveal how vulnerable Telecom Networks are! He’s revealed that SIM (Subscriber Identification Module) Cards used in GSM (Global System Mobile) Phones can be hacked by simply sending an SMS (Simple Messaging Service) or Text Message faking the Telecom Network’s Authentication Protocols.

Say what!

This at a time when Text Messaging is dying Worldwide, especially in Developed World Countries, as stated in my blog article entitled “CTIA reports a 5% decline in US Texting as Instant Messaging ramps up - WhatsApp's now Top Gun as The Dead Zone leads Star Trek Into the Darkness”, albeit it may see something of a Renaissance in Developing World Countries. But shocking nonetheless!


This faked authentication results in the Mobile UE (User Equipment), i.e. Mobile Feature Phone, Smartphone or 3G or 4G Modem, sending back the following pieces of crucial encrypted information, as stated in the article “Millions of Sim cards are 'vulnerable to hack attack'”, published 22 July 2013, Last updated at 12:58 GMT, BBC News and “SIM card flaw said to allow hijacking of millions of Phones”, published July 21, 2013 10:46 AM PDT by Steven Musil, CNET News:

1. IMSI (International Mobile Subscriber Identification)
2. IMEI (International Mobile Equipment Identification)
3. 56-digit Network Authentication Code

In essence, with this information, a SIM Card for any Mobile Phone, SmartPhones included, can be cloned like a Debit or Credit Card and used to access the Customer’s Mobile Account. That means not only access to SMS Messages and making Voice Calls, but also 3G and 4G Internet and, worst of all, Mobile Banking and Mobile Money Banking Platforms, giving the hacker the ability to steal your Money.

He’s passed on this info to the GSMA (Global System Mobile Association) and the ITU (International Telecommunications Union), which are currently looking into the matter, as it implies the unthinkable: 3G and 4G Networks that use the SIM Card to authenticate access are hackable.


Granted, according to Dr. Karsten Nohl, this vulnerability exists in 1 in 8 Mobile devices that use a SIM Card, and it is made worse by the fact that Telecom Providers still use an older encryption schema to encrypt the above information, known as DES (Digital Encryption Standard), a cryptographic method developed by IBM back in the ’70s, and which is STILL being used today with no improvement.

So for those rushing the BOJ to a quick decision on Mobile Money Banking, as noted in my blog article entitled “BOJ stalling on Mobile Money Regulations as new entrants appear - Herald for the Cashless Society as SmartPhones and Mobile Money are The Perfect Storm and Curse of Chucky”, this is yet another concern aside from the possibility of Money Laundering: it’s now possible to steal your Money using your Mobile Phone. This last note should be of especial concern to African countries, which use Mobile Money Platforms that are SMS based to send and receive Money all over the continent.

It also explains why the Librarian of the Library of Congress, the defender of the DMCA (Digital Millennium Copyright Act), on Saturday 25th January 2013 made it illegal to unlock your Smartphone and Tablet to place it on another Telecom Provider’s Network, as explained in my blog article entitled “Librarian of the Library of Congress makes Smartphone unlocking Illegal - How Jamaica can benefit from the Safe Haven of MNP by banning unlocking of smartphones and Tablets”.

Thus the calls for the lifting of the Ban on Mobile phone unlocking by the incoming FCC (Federal Communications Commission) Chairman Tom Wheeler, to give people the freedom to unlock their Mobile phones, as stated in the article “FCC’s new chairman wants to end ban on cell phone unlocking”, published June 18 2013, 4:45pm EST by Jon Brodkin, ARS Technica and “Incoming FCC Chair Calls For End To Ban On Unlocking Cell Phones”, published June 19, 2013 by Chris Morran, The Consumerist, will no longer carry weight and may actually get him in trouble, forcing him to retract his statements.

This imminent hacking threat means that allowing American citizens this basic right of unlocking their Mobile Phones as they please will allow them to Hack Telecom Networks using the method described above and thus upset the Telecom Providers’ Apple Cart.


Theoretically, they can make free Calls and access Free Data, resulting in Telecom Providers losing Billions of dollars through a vulnerability that affects 750 million Mobile phones worldwide. FCC Chairman Tom Wheeler is supposed to protect the interests of the Telecom Providers, not make them lose money due to a potential hacking threat. How his job goes from here depends on how he handles this case.

But it’s Dr. Karsten Nohl’s other declarations that are cause for concern among Telecom Providers and debutants to Mobile Money Banking in Jamaica, quote: “We can remotely install software on a handset that operates completely independently from your Phone. We can spy on you. We know your encryption keys for calls. We can read your SMSs. More than just spying, we can steal data from the SIM card, your Mobile identity, and charge to your account.” All achieved using off-the-shelf equipment and a standard PC.

This sounds rather familiar….

Back in March 2010 I did an article on how easy it was to make a skimmer and, with the help of a hidden Camera, clone Debit Cards or Credit Cards, be they stolen or swiped with a skimmer attached to your person, as explained in my blog article entitled “Debit Card Cloning and the Cashless Society”.

In that article I’d mentioned another possibility: this info could be a threat to the Banking Sector, as it could be used to hack Wireless POS (Point of Sale) devices and be a future threat to Mobile Banking and then Mobile Money Banking and the development of the Cashless Society to incorporate the unbanked, as stated in my blog article entitled “Telecom Providers and Mobile Banking - Christmas a cum me wah me llama”.


In both articles I’d passed on the recommendation of Dr. Karsten Nohl for Telecom Providers to upgrade their 64-bit A5/1 Codebooks to the 128-bit A5/3 codebook. I even went the extra mile and recommended the even-harder-to-crack 512-bit A5/5 codebooks, as computing power and multi-core Processors will make these old coding schemas obsolete. Most likely the local Telecom Providers ignored this, thinking it to be the problem of First World countries with easily available computing muscle and Technical know-how, to which many Caribbean Nationals lack access.

In an unrelated incident, Telecom Provider Digicel’s MINSAT and DWS Databases had gotten hacked back in 2009 by then 26-year-old University of Technology Computer student Philpott Martin. He then repeated the hack under different circumstances and was arrested on Saturday January 26th 2013 by the Jamaican Police even as he awaited his Bail hearing on his earlier crimes, as explained in my blog article entitled “Digicel's Voicemail Problems as their MINSAT and DWS Databases get hacked by Robin Hood - Upgrade Voicemail to Paid Advertising and Fiber Optic Backhaul as it's A good Day to Die Hard”.

He also hacked the DPP (Director of Public Prosecutions) files relating to his case in February 2013, as noted in my blog article entitled “Mr. Philpott Martin is the DPP and Digicel Hacker - Jamaica Cybercrimes first Django Unchained makes it clear that Digicel's MINSAT and DWS are hackable”. There’s more to the case than meets the eye, and in fact it may involve a Police cover-up to gain access to Telecom Provider Digicel’s MINSAT and DWS Databases. I’m still following up on that story.

Interestingly, 2010, the same year as the revelation by Dr. Karsten Nohl of the vulnerability in the 64-bit A5/1 Codebook, was the year the GOJ (Government of Jamaica) decided to implement the Cybercrime Act of 2010, the first piece of Cybercrime legislation, as we awoke to a simple fact: First World Problems were now at our Door and were set to get worse once more Jamaicans had access to information from the increasingly pervasive Wireless and Wired Internet Networks.

To this end the Cybercrime Act of 2010 was not only updated to make Hacking carry penalties equivalent to 2nd Degree Murder or Grand Larceny; the Ministry of Science, Technology, Energy and Mining has also drafted Local Jamaican White Hat Hackers to help with the security of GOJ Websites as well as warn of potential threats to Private and Public Sector entities, as noted in my blog article entitled “GOJ amends the CyberCrime Act of 2010, enlists Ethical Hackers in a Cyber Emergency Response Team - White Hat Hackers are the Q.U.E.E.N Project Janelle Monae and Erica Badu Style”.

Hopefully the Telecom Providers, the Banking Sector and those interested in Mobile Money Banking here in Jamaica are now in meetings with regard to the issue and are linking with the ITU and the GSMA as to what provisions they are making to mitigate against this new and dangerous Mobile Hacking technique.

In essence, this is the Elysium (2013) that threatens Jamaica’s nascent Mobile Money Banking and the development of a Cashless Society.
