Recently discussed vulnerabilities enable remote SIM malware deployment and in some cases even remote SIM cloning. At this year’s hacker camp OHM 2013, the SRLabs team offered four SIM card security workshops.
The measurements taken at the OHM workshops confirmed that more than a quarter of European SIM cards still disclose signed error messages, of which about half can be cracked due to their use of DES. Each crack takes about two minutes with a complete set of rainbow tables on a standard computer. (At OHM, cards were tested with an incomplete set, which reduced the number of cards that were actually cracked.)
Network operators are encouraged to upgrade their cards to AES (or 3DES) or disable the OTA functionality of vulnerable cards before criminals are able to infect SIM cards with viruses.
The OHM2013 presentation on Exploiting SIM Cards provides details on the method, test results, and mitigation options.