750 Million Mobile Phones Vulnerable to SIM Card Security Flaw
A researcher has found a security flaw that potentially opens up around 750 million SIM cards to hackers who could take control of a mobile phone.
The founder of Security Research Labs in Berlin, Karsten Nohl told the New York Times that the encryption hole would allow hackers to obtain a SIM card's 56-digit digital key, which then opens the SIM Card fpr modification.
Accessing the digital key allowed him to send a virus to a mobile phone via an SMS that enabled him to eavesdrop on a caller, make purchases through mobile payment systems and even impersonate the phone's owner.
"We can remotely install software on a handset that operates completely independently from your phone," Mr. Nohl told the newspaper.
Once he had suspected the flaw existed, he has spent the past two years testing around 1,000 SIM Cards that his team bought, and he estimates that around a quarter of the SIM Cards are affected by the security flaw.
Most newer SIM Cards use a newer security system and are immune from the attack, but users who haven't changed their SIM Card for several years could be vulnerable.
The GSM Association has already been notified of the problem, which will be explained in more detail at the Black Hat conference next week.
In a statement, a GSM Association spokeswoman, Claire Cranton, said Mr. Nohl had sent the association outlines of his study, which the organization had passed along to operators and to makers of SIM cards that still relied on the older encryption standard.
It would also be possible for the networks to block the type of attack SMS that he used to breach the SIM Card security while they decide if it is necessary to issue replacement SIM cards to vulnerable customers.
On the web: New York Times
Tags: [sim card]