In February of 2015, Edward Snowden revealed that NSA and GCHQ had breached one of the world's largest SIM card manufacturers to clone cards and crack encryption. But a presentation at Black Hat shows that not all of them really needed it.
Ο Yu Yu (yes, this is my real name, joked the researcher) is a professor of research at Shanghai Jiao Tong University. The researcher has gone through the past few years trying to learn how he can break the encryption codes on 3G and 4G cards.
These cards use AES-128, an encryption that is supposed to be impenetrable by brute force attacks. As it turns out, however, it is easy to break using channel analysis.
Side-channel attacks measure and analyze data such as consumption energy, τις ηλεκτρομαγνητικές εκπομπές, και την παραγωγή θερμότητας. Με την ανάλυση αυτών των δεδομένων ο ερευνητής μπορεί να μάθει τι ακριβώς συμβαίνει σε ένα chip.
The technique has existed for years, and requires physical access to the target machine.
Yu and his team used an oscilloscope to monitor power levels, a MP300-SC2 protocol for data traffic monitoring, a self-built SIM card reader, and a standard PC to match the results.
With the above they managed to break eight commercial SIM cards in 80 minutes.
The system could of course not read the encryption key directly from the cards. Instead, the research team isolated 256 sections of the key and sent them to those shown by the action of the SIM card.
This of course requires calculations and a bit of luck. But once they perfected the system it became comparatively much easier to break them wrenches encryption and clone the card.
Yu proved that cloned SIM cards can successfully imitate the original ones. It also showed how a cloned card could change the password to the Alipay service (one of the largest 3rd party payment system in China) και, ενδεχομένως, να αδειάσει τον account.
The hack demonstrated the need for more security for mobile phone users, Yu said.
Given its speed and convenience infringements intelligence agencies will be very interested in Yu's technique.
