Schneier on Security
A blog covering security and security technology.
February 14, 2014
MONKEYCALENDAR: NSA Exploit of the Day
Today's item from the NSA's Tailored Access Operations (TAO) group implant catalog:
(TS//SI//REL) MONKEYCALENDAR is a software implant for GSM (Global System for Mobile communication) subscriber identity module (SIM) cards. This implant pulls geolocation information from a target handset and exfiltrates it to a user-defined phone number via short message service (SMS).
(TS//SI//REL) Modern SIM cards (Phase 2+) have an application program interface known as the SIM Toolkit (STK). The STK has a suite of proactive commands that allow the SIM card to issue commands and make requests to the handset. MONKEYCALENDAR uses STK commands to retrieve location information and to exfiltrate data via SMS. After the MONKEYCALENDAR file is compiled, the program is loaded onto the SIM card using either a Universal Serial Bus (USB) smartcard reader or via over-the-air provisioning. In both cases, keys to the card may be required to install the application depending on the service provider's security configuration.
Unit Cost: $0
Status: Released, not deployed.
Page, with graphics, is here. General information about TAO and the catalog is here.
In the comments, feel free to discuss how the exploit works, how we might detect it, how it has probably been improved since the catalog entry in 2008, and so on.
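As an added example (not from the catalog entry or from this post), here is a small Python parser for SIM Toolkit proactive commands (the BER-TLV format of ETSI TS 102 223) with a detection rule for the behaviour the entry describes: the SIM asking the handset for location information and then issuing SEND SHORT MESSAGE with no user-facing step in between. The session bytes are constructed, and the component that would feed real proactive commands to this rule (a baseband trace or a SIM proxy) is assumed rather than shown.

```python
from typing import Dict, List, Tuple

# Type-of-command values from ETSI TS 102 223 (only the ones this rule needs).
CMD_NAMES = {0x13: "SEND SHORT MESSAGE", 0x21: "DISPLAY TEXT", 0x24: "SELECT ITEM",
             0x25: "SET UP MENU", 0x26: "PROVIDE LOCAL INFORMATION"}
DEST_NETWORK = 0x83   # destination device identity meaning "the network"

def parse_tlvs(data: bytes) -> List[Tuple[int, bytes]]:
    """Split a BER-TLV body into (tag, value) pairs: one-byte tags, 1- or 2-byte lengths."""
    out, i = [], 0
    while i < len(data):
        tag, length, i = data[i], data[i + 1], i + 2
        if length == 0x81:                 # long form: the next byte holds the length
            length, i = data[i], i + 1
        out.append((tag, data[i:i + length]))
        i += length
    return out

def parse_proactive(apdu: bytes) -> Dict[str, object]:
    """Decode one proactive UICC command (outer tag 0xD0) into its key fields."""
    outer = parse_tlvs(apdu)
    if len(outer) != 1 or outer[0][0] != 0xD0:
        raise ValueError("not a proactive UICC command")
    fields: Dict[str, object] = {}
    for tag, val in parse_tlvs(outer[0][1]):
        if tag & 0x7F == 0x01:             # Command details: number, type, qualifier
            fields["type"], fields["qualifier"] = val[1], val[2]
        elif tag & 0x7F == 0x02:           # Device identities: source, destination
            fields["src"], fields["dst"] = val[0], val[1]
    fields["name"] = CMD_NAMES.get(fields.get("type", -1), "OTHER")
    return fields

def find_silent_location_exfil(session: List[bytes]) -> List[str]:
    """Flag a session where the SIM reads location, then sends an SMS with no UI step."""
    findings, saw_location, saw_ui = [], False, False
    for raw in session:
        c = parse_proactive(raw)
        if c["name"] == "PROVIDE LOCAL INFORMATION" and c.get("qualifier") == 0x00:
            saw_location = True            # qualifier 0x00 = location information (MCC/MNC/LAC/cell)
        elif c["name"] in ("DISPLAY TEXT", "SELECT ITEM", "SET UP MENU"):
            saw_ui = True                  # something the user would actually see
        elif (c["name"] == "SEND SHORT MESSAGE" and c.get("dst") == DEST_NETWORK
              and saw_location and not saw_ui):
            findings.append("location read followed by SMS to network with no user interaction")
    return findings

# Constructed sample session (not captured traffic): PROVIDE LOCAL INFORMATION
# (location) from the SIM to the handset, then SEND SHORT MESSAGE to the network.
PLI = bytes.fromhex("D0 09 81 03 01 26 00 82 02 81 82")
SEND_SMS = bytes.fromhex("D0 17 81 03 02 13 00 82 02 81 83 86 07 91 21 43 65 87 09 F1 8B 03 AA BB CC")
SESSION = [PLI, SEND_SMS]

if __name__ == "__main__":
    print(find_silent_location_exfil(SESSION))
```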
Posted on February 14, 2014 at 3:19 PM
The key detail here is,
"...using either a Universal Serial Bus (USB) smartcard reader or via over-the-air provisioning. In both cases, keys to the card may be required to install the application depending on the service provider's security configuration."
Some SIMs have reasonable quality crypto; others have single DES or security holes large enough to push a tank through.
Approximately 1/6 of SIM cards are easily crackable today; back then it would have been over a third.
Further, contrary to expectation, not all service providers are that concerned about the security of SIM keys, which means "implanted employees" or "overnight black bag jobs" will get copies of them.
All that then has to happen is the handset associates with a "cell tower" controlled by the attacker and out goes the OTA message.
As has been indicated before, a couple of hundred bucks will buy you a Pico-Cell and the other bits (amp, directional antennas etc.) to get the person in their home or office.
Alternatively a SIM can be "cloned" and just swapped by an operative who can get access to your phone for a couple of minutes. This works very effectively when a person is not using their "home network", so if "customs/immigration" borrow your phone assume it's been "owned"...
For this particular case, when passing through customs, you could swap out your SIM card for a dummy. But that only covers this case.
The larger question: Is there any feasible way of performing an audit of the contents of your cell phone? Both internal storage and SIM card?
My take is that for phones with non-removable internal storage, you are pretty much out of luck. Since the phone boots off possibly-subverted software, using the phone's CPU to do an audit is dubious at best. Audit software could make phones more resistant to subversion, but only that.
If all storage in the phone were removable, then you could perform an audit on a known-clean system. That still does not protect against hardware hacks. The old rule that security requires control over physical access still applies.
This exploit is only useful/enabling against those who have SIMs at the extreme edges of coverage where "four+ circles" triangulation doesn't suffice: people on the edge of "nowhere" somewhere in the boonies or desert.
I guess you don't travel much... and have a US centric viewpoint.
This is a tool to use on people who move around a lot with their phone mainly turned off.
You turn it on anywhere in range of a cell tower and, like the proverbial "linnet in a cage", it will sing out.
No problem with persons out of jurisdiction where getting the metadata from a service provider might be difficult politically or legally.
Further, no real issue with people faking their location using high gain antennas and long cable runs or active path extenders, because it's the phone's own GPS reading that is being sent, not the position fix on the "supposed" antenna.
There is also another issue: let's say you are "smarter than the average bear" and decide to remove or disable the GPS device in your phone... This system will tell those attackers with an interest, and they can then just disable the phone so it becomes useless. You think you've bricked it yourself and thus don't be smart with your next phone...
Clive: this feels like deja vu. Weren't we speaking about just this topic only a short while ago?
I liked the concept of their other tool which monitored roaming to detect phones as they crossed into the United States. I expect that this would have real utility... until their targets wised up and stopped using cellphones altogether.
@ Mike the Goat,
Clive: this feels like deja vu. Weren't we speaking about just this topic only a short while ago?
Yes, here and other places. People tend to forget who really owns their phone... At the end of the day it's whoever owns the SIM and uses it to do implants etc...
First off, the problem is not one of which deity --if any-- they chose to believe in (remember Jews, Christians and Muslims, with all their different sects, all believe in "the one God").
After all, Colombian drug barons, Chechen separatists and many others know from experience that the US with "rusty rivet" or similar can find sat phones and drop a modified anti-radar missile down the RF path when they are in use.
So sat phones are out, thus the next best thing is the mobile network in whichever country they might be in. Often the choice for various political and economic reasons is one supplier.
Now without going into the issues of Fresnel zones and similar, there are limits to what you can do with the RF side of mobile phones. The simplest is the "passive repeater", which is two high gain antennas connected by a length of low loss coax. You usually see this with TV service where coverage does not go into valleys etc. So one antenna is pointed at the base station; usually this is the highest gain antenna with the narrowest beam width as the base station generally does not "go walkabout". The user side is usually lower gain and designed to have a broad beam width to cover as much of the valley as possible. Such systems are simple and reliable but, importantly, cheap to implement and deploy and have a low footprint to surveillance.
What I would suggest these days is making a more complex system equivalent to a car hands-free kit which uses very high frequency EM in either the visible or near IR bands, and use simple optics --telescopes etc-- in shield tubes to reduce beam width to a minimum. This way the mobile can be stuck on a roof top of a hospital or water tower etc etc, which even the NSA should regard as a "bad publicity" target.
Now before anyone accuses me of giving terrorists ideas, the IRA were using optical command systems to detonate what we now call IEDs and it's been well documented in the public arena.
Terrorists are in effect "irregular forces", so like other forces, irregular or not, they need to communicate in a timely manner. They could get amateur radio or CB or PMR systems or even WiFi, but these are all fairly obvious to the likes of "rusty rivet" and thus using them is a "self signed execution order" and they know it. So for all its defects, mobile phones are still the best option available to them due to the number of users. It's well known that --supposedly-- AQ affiliated insurgents in Afghanistan use "burner" mobile phones for "spotter" / "indirect fire control" of heavy guns and mortars. UK/US forces use lightly modified consumer scanner equipment to get a warning of "spotters", but it's a problematic game in that it's only when they are under fire that they get local sigint.
But my personal view is this TAO method is not for terrorists but foreign government ministers and senior business men. And for this it's probably the best fit they are going to need to do the job.
If you care to think back to the Greek Olympics it's more than likely this or a similar method was in use.
FBI uses OTA updates on SIMs to track or implant spyware. Telecoms are either giving the NSA access to their OTA update keys like they do the FBI or the NSA steals them.
A SIM physical wrapper like TurboSIM can block incoming OTA
Derp, of course you don't have to use a SIM at all, Android you can randomize your wireless MAC on boot or demand if you have root, then just use wifi encrypted voip like the program Ostel.
@Clive: You mentioned the Greek Olympics - what was the background to that ?
@ Iain Moffat,
Clive: You mentioned the Greek Olympics - what was the background to that ?
Have a look at,
And note the US connection at the end to Maryland; it's kind of got a certain US intel agency's fingerprints on it, in what would appear to be an inept way...
I'm dying to know what they've put in 4G SIMs, including those that go in CDMA phones (used almost exclusively by Americans). Even though Android is open-source, I also would love to know what's in the factory/stock builds, and of course in all the bloatware you aren't allowed to uninstall without root. My firewall on my Android reports that something is always trying to phone home. "Android System" constantly tries to connect to things. Any ideas?
"After the MONKEYCALENDAR file is compiled, the program is loaded onto the SIM card using either a Universal Serial Bus (USB) smartcard reader or via over-the-air provisioning. In both cases, keys to the card may be required to install the application depending on the service provider's security configuration."
NY Times yesterday, last paragraph:
"The Australians have obtained nearly 1.8 million encrypted master keys, which are used to protect private communications, from the Telkomsel mobile telephone network in Indonesia, and developed a way to decrypt almost all of them, according to a 2013 N.S.A. document."
"The Americans and the Australians secretly share broad access to the Indonesian telecommunications system, the documents show. The N.S.A. has given the Australians access to bulk call data from Indosat, an Indonesian telecommunications provider, according to a 2012 agency document."
Has anybody ever done a study of password capture by seeing what passwords people mistakenly type at the username/login/handle prompt, or into the password field if the first password they try doesn't work?
Seems to me that's got to be an effective way of capturing a lot of people's passwords for various accounts. I would guess that most people space out and type their password prematurely sometimes, or if a password doesn't work, they try other passwords they frequently use, rather than remembering for sure which password goes with which account.
I don't recall ever seeing this mentioned, but I'm not a security person. I've been wondering about it for years.
While I don't share TenThousand's paranoid outlook on triangulation (unless the area the target happens to be in is a Flatland-style plain with no landscape, buildings, or interference to speak of), the operational utility of this little thingamajig seems limited to situations where you absolutely have to pillage the phone's own geolocation data or the provider is grossly negligent about its keys (happens more often than one would like to think).
Still, it would be interesting to learn how to block SIM OTA updates (one obvious route, for older SIMs, would be to clone them yourself using some of the "researcher programmable SIM toolkits" which have a notably crippled SIMToolkit functionality)
TurboSIM/podsimka seems interesting in this regard, but one has to wonder how reliable it is, given that OTA suppression isn't exactly the functionality those kits were designed for in the first place.
Schneier.com is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..