CAPEC List (Version 2.11)

CAPEC-614: Rooting SIM Cards

Attack Pattern ID: 614
Abstraction: Detailed
Status: Draft
Completeness: Stub
+ Summary

SIM cards are the de facto trust anchor of mobile devices worldwide. The cards protect the mobile identity of subscribers, associate devices with phone numbers, and increasingly store payment credentials, for example in NFC-enabled phones with mobile wallets. This attack leverages over-the-air (OTA) updates deployed via cryptographically-secured SMS messages to deliver executable code to the SIM. By cracking the DES key, an attacker can send properly signed binary SMS messages to a device, which are treated as Java applets and are executed on the SIM. These applets are allowed to send SMS, change voicemail numbers, and query the phone location, among many other predefined functions. These capabilities alone provide plenty of potential for abuse.

+ Attack Prerequisites
  • A SIM card that relies on the DES cipher.

+ Typical Severity


+ Attacker Skills or Knowledge Required

Skill or Knowledge Level: Medium

This is a sophisticated attack, but detailed techniques are published in open literature.

+ Solutions and Mitigations

Upgrade the SIM card to use the state-of-the-art AES or the somewhat outdated 3DES algorithm for OTA.
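As an added example (not part of the CAPEC entry or of the SRLabs research it cites), the following Python script audits the security header of a SIM OTA command packet, the kind of cryptographically secured SMS the summary describes, and flags the single-DES choices this pattern depends on, which is the check a card issuer or auditor would run before and after the mitigation above. The header layout and the KIc/KID bit coding are assumed from ETSI TS 102 225 (the successor of GSM 03.48) and should be re-checked against the spec version the cards implement; the packets, TAR and APDU payload are constructed, not captured.

```python
"""Audit the security header of a SIM OTA command packet (GSM 03.48 /
ETSI TS 102 225) and flag the single-DES settings that CAPEC-614 abuses.

Added example, not code from the CAPEC entry or from SRLabs. Header
layout (CPL, CHL, SPI, KIc, KID, TAR, CNTR, PCNTR, RC/CC/DS, data) and
bit coding are assumed from ETSI TS 102 225; re-check them against the
spec version your cards implement. All sample packets are constructed.
"""
from dataclasses import dataclass, field

# KIc/KID bits b2b1: algorithm family
ALGO_IMPLICIT, ALGO_DES, ALGO_AES, ALGO_PROPRIETARY = 0b00, 0b01, 0b10, 0b11

# KIc bits b4b3 within the DES family
KIC_DES_MODES = {
    0b00: "DES-CBC (single DES)",
    0b01: "3DES outer-CBC, two keys",
    0b10: "3DES outer-CBC, three keys",
    0b11: "DES-ECB (single DES)",
}
KIC_SINGLE_DES = {0b00, 0b11}
KID_SINGLE_DES = {0b00}          # KID b4b3 = 00 is a single-DES CBC-MAC


@dataclass
class OtaHeaderAudit:
    ciphered: bool
    integrity: str               # SPI byte 1 b2b1: none / RC / CC / DS
    cipher: str
    tar: str
    findings: list = field(default_factory=list)   # must-fix issues
    notes: list = field(default_factory=list)      # should-fix issues

    @property
    def weak(self) -> bool:
        return bool(self.findings)


def describe_kic(kic: int) -> tuple:
    """Map a KIc byte to (cipher name, uses_single_des)."""
    family, mode = kic & 0b11, (kic >> 2) & 0b11
    if family == ALGO_DES:
        return KIC_DES_MODES[mode], mode in KIC_SINGLE_DES
    if family == ALGO_AES:
        return ("AES-CBC" if mode == 0 else f"AES reserved mode {mode:02b}"), False
    if family == ALGO_IMPLICIT:
        return "implicit (not signalled)", False
    return "proprietary", False


def audit_ota_header(packet: bytes) -> OtaHeaderAudit:
    """Parse the fixed part of a command packet header and report the
    settings a defender should act on."""
    if len(packet) < 10:
        raise ValueError("packet shorter than the fixed part of the header")
    cpl, chl = int.from_bytes(packet[0:2], "big"), packet[2]
    if cpl != len(packet) - 2 or chl > cpl - 1:
        raise ValueError(f"inconsistent lengths: CPL={cpl} CHL={chl} len={len(packet)}")
    spi1, kic, kid = packet[3], packet[5], packet[6]
    integrity = ("none", "RC", "CC", "DS")[spi1 & 0b11]
    ciphered = bool(spi1 & 0b100)
    cipher, single_des = describe_kic(kic)
    audit = OtaHeaderAudit(ciphered, integrity, cipher, packet[7:10].hex())

    if integrity in ("none", "RC"):
        audit.findings.append(
            f"integrity={integrity}: no cryptographic check, anyone can forge commands")
    elif integrity == "CC" and (kid & 0b11) == ALGO_DES and ((kid >> 2) & 0b11) in KID_SINGLE_DES:
        audit.findings.append(
            "KID selects single-DES CC: a 56-bit key, the weakness CAPEC-614 relies on; "
            "move to 3DES or AES")
    if ciphered and single_des:
        audit.findings.append(f"KIc selects {cipher}: 56-bit key; move to 3DES or AES")
    elif ciphered and cipher.startswith("3DES"):
        audit.notes.append(f"KIc selects {cipher}: acceptable but outdated; plan AES migration")
    return audit


def build_packet(spi1: int, kic: int, kid: int, data: bytes, cc_len: int = 8) -> bytes:
    """Assemble a constructed command packet with zeroed counter and CC
    (enough for header auditing, not a valid secured message)."""
    tar = bytes.fromhex("B00010")                 # constructed TAR value
    header = bytes([spi1, 0x21, kic, kid]) + tar + bytes(5) + b"\x00" + bytes(cc_len)
    body = bytes([len(header)]) + header + data   # CHL, then header, then data
    return len(body).to_bytes(2, "big") + body    # CPL covers everything after itself


# Constructed samples: the same command under three personalisation choices.
APDU = bytes.fromhex("A0A4000002")
LEGACY_DES = build_packet(0x06, 0x01, 0x01, APDU)   # CC + ciphering, single DES for both
TRIPLE_DES = build_packet(0x06, 0x05, 0x05, APDU)   # 3DES with two keys
AES_CARD = build_packet(0x06, 0x12, 0x12, APDU)     # AES, key index 1

if __name__ == "__main__":
    for name, pkt in (("legacy DES", LEGACY_DES), ("3DES", TRIPLE_DES), ("AES", AES_CARD)):
        a = audit_ota_header(pkt)
        print(f"{name:11} cipher={a.cipher:30} weak={a.weak} findings={a.findings} notes={a.notes}")
```

The script only reads the first ten bytes of the packet; it does not verify or compute any checksum, so it can run over a fleet's personalisation profiles offline. A card that reports `weak=True` on either the KIc (ciphering) or the KID (cryptographic checksum) side is one the mitigation above applies to, and the 3DES note mirrors the entry's "somewhat outdated" wording.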

+ Attack Motivation-Consequences
Technical Impact: Execute unauthorized code or commands
+ Technical Context
Architectural Paradigms
+ References
[R.614.1] Karsten Nohl. "Rooting SIM Cards". Security Research Labs. <https://srlabs.de/rooting-sim-cards/>.
+ Content History
Submitted 2015-11-09 by CAPEC Content Team, The MITRE Corporation (Internal_CAPEC_Team)
Previous Entry Names
2017-01-09: Rooting SIM CardS

Page Last Updated or Reviewed: August 04, 2017