SIM cards are the de facto trust anchor of mobile devices worldwide. The cards protect the mobile identity of subscribers, associate devices with phone numbers, and increasingly store payment credentials, for example in NFC-enabled phones with mobile wallets. With over seven billion cards in active use, SIMs may well be the most widely used security token in the world. Through over-the-air (OTA) updates deployed via SMS, the cards are even extensible through custom Java software. While this extensibility is rarely used so far, its existence already poses a critical hacking risk.

OTA commands, such as software updates, are cryptographically secured SMS messages, which are delivered directly to the SIM. While the option exists to use state-of-the-art AES or the somewhat outdated 3DES algorithm for OTA, many (if not most) SIM cards still rely on the 70s-era DES cipher. DES keys were shown to be crackable within days using FPGA clusters, but they can also be recovered much faster by leveraging rainbow tables similar to those that made GSM’s A5/1 cipher breakable by anyone.

To derive a DES OTA key, an attacker starts by sending a binary SMS to a target device. The SIM does not execute the improperly signed OTA command, but does in many cases respond to the attacker with an error code carrying a cryptographic signature, once again sent over binary SMS. A rainbow table resolves this plaintext-signature tuple to a 56-bit DES key within two minutes on a standard computer.

The cracked DES key enables an attacker to send properly signed binary SMS, which download Java applets onto the SIM. Applets are allowed to send SMS, change voicemail numbers, and query the phone location, among many other predefined functions. These capabilities alone provide plenty of potential for abuse.
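Whether an OTA message is protected by single DES, 3DES or AES, and whether the card is asked to return a signed proof-of-receipt (the signed error reply described above), is decided by a few bytes in the command packet's security header. The following audit is an added example, not code from the original page or the researchers: it decodes the SPI, KIc and KID fields using the bit layout of GSM 03.48 / ETSI TS 102 225 and flags the weak choices; both sample packets are constructed, including their TAR, counter and checksum bytes.

```python
# Audit the security header of an OTA command packet carried in a binary SMS.
# Field names and bit layouts follow GSM 03.48 / ETSI TS 102 225.

ALG = {0b00: "implicit", 0b01: "DES", 0b10: "AES", 0b11: "proprietary"}
DES_MODE = {0b00: "DES-CBC", 0b01: "3DES-2key", 0b10: "3DES-3key", 0b11: "DES-ECB"}
POR_INTEGRITY = {0b00: "none", 0b01: "RC", 0b10: "CC", 0b11: "DS"}

def key_algorithm(key_byte):
    """Decode a KIc/KID byte: b2b1 = algorithm family, b4b3 = DES variant."""
    alg = ALG[key_byte & 0b11]
    return DES_MODE[(key_byte >> 2) & 0b11] if alg == "DES" else alg

def parse_command_header(pkt):
    """Return the fixed header fields: CPL, CHL, SPI, KIc, KID, TAR."""
    cpl = int.from_bytes(pkt[:2], "big")   # Command Packet Length
    chl = pkt[2]                            # Command Header Length (>= 13)
    if len(pkt) != cpl + 2 or chl < 13:
        raise ValueError("inconsistent CPL/CHL")
    return {"spi": pkt[3:5], "kic": pkt[5], "kid": pkt[6],
            "tar": pkt[7:10].hex(), "cc_len": chl - 13}  # RC/CC/DS bytes

def audit_ota_packet(pkt):
    """Flag single-DES keys and a signed proof-of-receipt (PoR) request."""
    h = parse_command_header(pkt)
    findings = []
    for name in ("kic", "kid"):
        if key_algorithm(h[name]) in ("DES-CBC", "DES-ECB"):
            findings.append(f"{name.upper()}: single DES (56-bit key)")
    por_when = h["spi"][1] & 0b11                           # b2b1 of SPI octet 2
    por_sig = POR_INTEGRITY[(h["spi"][1] >> 2) & 0b11]      # b4b3 of SPI octet 2
    if por_when != 0 and por_sig in ("CC", "DS"):
        findings.append(f"PoR with {por_sig}: card returns a signed error reply")
    return findings

# Constructed sample: CC on the command, PoR required with CC,
# KIc = KID = 0x11 (key set 1, single DES in CBC mode).
WEAK_PKT = bytes.fromhex(
    "001A" "15" "0209" "11" "11" "B00010" "0000000001" "00"
    "0102030405060708" "A0A40000")
# Constructed sample: same layout with AES keys (0x12) and no PoR requested.
HARDENED_PKT = bytes.fromhex(
    "001A" "15" "0200" "12" "12" "B00010" "0000000001" "00"
    "0102030405060708" "A0A40000")

if __name__ == "__main__":
    for label, pkt in (("weak", WEAK_PKT), ("hardened", HARDENED_PKT)):
        print(label, audit_ota_packet(pkt) or ["no findings"])
```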