Rooting SIM cards (srlabs.de)
64 points by blumentopf on July 21, 2013 | 14 comments



Per the earlier discussion, that sounds waaaay too straightforward. Now I need to figure out if my phone is vulnerable.


As someone working in security ... this does not surprise me at all.


So, even if the vulnerability (with insecure keys) is fixed, unless the architecture is changed, I suppose all sim-cards will remain wide-open to intelligence services -- as one would have to assume that they'd put quite an effort into getting their hands on a copy of these keys.


The architecture is fine. A better explanation would be: if an incompetent operator uses obsolete technology then its SIM card can be hacked. But any half-decent one should be immune to this (there are billions of SIMs, and here it's "millions" only vulnerable).

First, in a proper network the mobile device and the network mutually authenticate themselves. So the cell can't be faked. Then it's very easy for the network to filter such management SMS and only allow them from their trusted server. It's a very basic security precaution. If done, you don't depend on the SIM crypto scheme for secure SMS, but here too using DES is a joke and 3DES / AES have been available for ages.

So I guess it's another sensationalistic report made to draw readers for most.

As for intelligence services, they already have access for domestic operators. This could only be for foreign and lousy operators maybe.


SIMs use a derived key - which means that getting your hands on that key would only affect that specific SIM, and generally the Km (master key) exists only on an HSM.

There's not much point in the intelligence services going after these keys, if they can just put a box in the operator's data center and capture unencrypted traffic


I had no idea that SIM cards executed code. I naively assumed they just contained hard-coded information, similar to a credit card. The fact that they execute Java applets blows my mind.


AFAIK, all smart cards (including credit cards) contain a microcontroller.

[0] https://en.wikipedia.org/wiki/Smart_card


Since iOS doesn't run Java applets, would all iPhones be safe from this? Or does this mean SIM cards run some form of JVM and can be infected regardless of the phone OS?


The latter. A SIM chip is a microprocessor with its own OS. Many SIMs today run a version of the JVM that has been stripped down and retooled for the more constrained environment on the smart card (see http://en.wikipedia.org/wiki/Java_Card).

However, I would be very surprised if a phone bought in the last 5 years was susceptible to this attack. I used to work for one of the leading providers of SIM chips and almost all of our product was using 3DES or AES, and that was several years ago.


I've seen freshly built networks about 5 years ago that had no encryption or authentication whatsoever on their SIM cards. Anybody could "brick" any SIM with an OTA command to overwrite the IMSI file, or intercept SMSes by overwriting the SMS service center address, etc.

SIM vendor didn't want to install crypto keys for free, network operator didn't understand the importance...


What's an easy way an end-user can check for this?


Here are some ways, easiest first:

1. Use a USB SIM card reader to see the contents of the standard files on your SIM to see if encryption is enabled.

2. Use a SIM-OTA system to send a command and see if it works. For example, overwrite your Service Provider Name (SPN) file with "Foobar", reboot your phone, and see if you now see this name instead of "AT&T" (or whatever).

3. Build your own SIM OTA system and do the above. This is easy. You just need a way to send SMS with the OTA bit set: e.g. a USB GSM modem on a network that allows it or an internet SMS gateway that allows it.

GSM 11.11 spec tells you what files are on the standard SIM card (including crypto settings): http://www.etsi.org/deliver/etsi_ts/101200_101299/101267/08....

GSM 03.48 spec tells you how to encode SMS-OTA messages: http://www.etsi.org/deliver/etsi_ts/101100_101199/101181/08....

I built a commercial SIM-OTA platform about 6-7 years ago that's sold by a big OEM. This was interesting: SIM card vendors really don't like the idea of network operators being able to independently do stuff with the SIMs they buy.
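The checks listed in this comment, and the earlier point that an operator should filter management SMS so that only its own trusted server can issue them, both come down to reading the security header of a GSM 03.48 command packet: it states whether the SIM is asked for a cryptographic checksum, ciphering and a replay counter, and which algorithm the KIc/KID bytes select. The decoder below is an added example written for this thread, not code from the commenters or from srlabs. The field layout follows my reading of GSM 03.48 (later ETSI TS 102 225), so verify it against the copy of the spec you use; the three packets are constructed, with placeholder bytes for the checksum and the secured data.

```python
"""Decode the security header of a GSM 03.48 SMS-OTA command packet and flag
weak settings. Added example; bit layout is from my reading of GSM 03.48 /
ETSI TS 102 225 (verify against the spec). Sample packets are constructed."""
from dataclasses import dataclass, field

INTEGRITY = {0: "none", 1: "RC", 2: "CC", 3: "DS"}          # SPI byte 1, b2b1
COUNTER = {0: "no counter", 1: "counter ignored",            # SPI byte 1, b5b4
           2: "counter must increase", 3: "counter must be previous+1"}
DES_MODE = {0: "DES-CBC", 1: "3DES-2key", 2: "3DES-3key"}   # KIc/KID b4b3 when b2b1 == 01


@dataclass
class OtaSecurity:
    integrity: str        # RC/CC/DS the SIM is asked to verify
    ciphered: bool        # ciphering flag in SPI byte 1
    counter_mode: str     # replay-counter handling
    kic_alg: str          # ciphering algorithm and key index (KIc)
    kid_alg: str          # integrity algorithm and key index (KID)
    tar: str              # toolkit application reference, hex
    check_len: int        # length of the RC/CC/DS field in bytes
    warnings: list = field(default_factory=list)


def _alg(byte: int, is_kid: bool) -> str:
    """Name the algorithm selected by a KIc or KID byte."""
    alg, mode, key_idx = byte & 0x03, (byte >> 2) & 0x03, byte >> 4
    if alg == 0:
        name = "implicit"
    elif alg == 1:
        # b4b3 == 11 means DES-ECB for KIc but is reserved for KID
        name = DES_MODE.get(mode, "reserved" if is_kid else "DES-ECB")
    elif alg == 2:
        name = "AES"      # reserved in GSM 03.48, AES in ETSI TS 102 225
    else:
        name = "proprietary"
    return f"{name} key#{key_idx}"


def parse_command_packet(pkt: bytes) -> OtaSecurity:
    """Layout: CPL(2) CHL(1) SPI(2) KIc(1) KID(1) TAR(3) CNTR(5) PCNTR(1) RC/CC/DS(n) data."""
    if len(pkt) < 16:
        raise ValueError("too short for a command packet header")
    cpl, chl = int.from_bytes(pkt[:2], "big"), pkt[2]
    if cpl != len(pkt) - 2:
        raise ValueError(f"CPL {cpl} disagrees with packet length {len(pkt) - 2}")
    if chl < 13 or chl > cpl - 1:
        raise ValueError(f"implausible CHL {chl}")
    spi1, kic, kid = pkt[3], pkt[5], pkt[6]
    sec = OtaSecurity(
        integrity=INTEGRITY[spi1 & 0x03],
        ciphered=bool(spi1 & 0x04),
        counter_mode=COUNTER[(spi1 >> 3) & 0x03],
        kic_alg=_alg(kic, is_kid=False),
        kid_alg=_alg(kid, is_kid=True),
        tar=pkt[7:10].hex(),
        check_len=chl - 13,   # CHL covers SPI..PCNTR (13 bytes) plus RC/CC/DS
    )
    w = sec.warnings
    if sec.integrity in ("none", "RC"):
        w.append("no cryptographic checksum/signature: any sender can forge this command")
    if not sec.ciphered:
        w.append("payload not ciphered")
    if (spi1 >> 3) & 0x03 < 2:
        w.append("replay counter not enforced")
    for label, a in (("KIc", sec.kic_alg), ("KID", sec.kid_alg)):
        if a.startswith("DES-"):
            w.append(f"{label} uses single DES")
    return sec


# Constructed samples; the trailing 0xAA bytes stand in for the secured data.
PLAINTEXT_PKT = bytes.fromhex(
    "0012"              # CPL: 18 bytes follow
    "0d"                # CHL = 13: no RC/CC/DS field at all
    "0000"              # SPI: no checksum, no ciphering, no counter
    "00" "00"           # KIc, KID: algorithm "implicit"
    "000000"            # TAR
    "0000000000"        # CNTR
    "00"                # PCNTR
    "aaaaaaaa")         # secured data (placeholder)
PROTECTED_PKT = bytes.fromhex(
    "001a"              # CPL: 26 bytes follow
    "15"                # CHL = 21: 13 + an 8-byte CC
    "1e21"              # SPI: CC required, ciphered, counter must be previous+1
    "15" "15"           # KIc, KID: 3DES two-key, key index 1
    "000000"            # TAR
    "0000000001"        # CNTR = 1
    "00"                # PCNTR
    "1111111111111111"  # CC (placeholder, not a real MAC)
    "aaaaaaaa")         # secured data (placeholder)
# Same header but KIc/KID select single DES in CBC mode, key index 0.
WEAK_DES_PKT = PROTECTED_PKT[:5] + b"\x01\x01" + PROTECTED_PKT[7:]

if __name__ == "__main__":
    for name, pkt in (("plaintext", PLAINTEXT_PKT), ("protected", PROTECTED_PKT),
                      ("weak-des", WEAK_DES_PKT)):
        s = parse_command_packet(pkt)
        print(f"{name}: integrity={s.integrity} ciphered={s.ciphered} "
              f"counter='{s.counter_mode}' KIc={s.kic_alg} KID={s.kid_alg}")
        for msg in s.warnings:
            print("  WARNING:", msg)
```

Feed it the command packet bytes carried in the SMS user data (after the user data header) of an OTA message. A SIM that accepts the first packet, with no checksum and no counter, is the open configuration described in the thread; an operator filter at the SMSC can apply the same header check to reject packets that do not carry a checksum, and combine it with the originating-address check mentioned earlier.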


It runs on the SIM card, not the phone.


It isn't about iOS at all. Your iPhone might be vulnerable, mine as well.

