CompareComparing...

750 Million Phones Vulnerable To Hacking Due To SIM Card Flaw

Now Reading
750 Million Phones Vulnerable To Hacking Due To SIM Card Flaw

Browse This Page

Up to 750 million mobile phones around the world carry SIM cards that contain a programming flaw that could leave their owners vulnerable to fraud. The bug allows a hacker to remotely access personal data and authorise illegal transactions within minutes. 

The flaw in question is found in SIM cards using DES (Data Encryption Standard) for encryption, which is an older standard that is slowly being phased out by most manufacturers, but the point is that it is still baked into hundreds of millions of SIMs across the world. The founder of German firm, Security Research Labs, Karsten Nohl, found that sending a fake carrier message to a phone prompted an automated response from 25% of DES-based SIMs, which revealed the cards’ 56-bit security key.

Once the sequence key is obtained hackers will be able to send a virus to the SIM card. This will allow eavesdropping on calls or allow mobile purchases with payments charged directly to the mobile account. 

Nohl added that “We can remotely install software on a handset that operates completely independently from your phone. We can spy on you. We know your encryption keys for calls. We can read your S.M.S.’s. More than just spying, we can steal data from the SIM card, your mobile identity, and charge to your account.”

Nohl says his team had been unsuccessfully attempting to breach SIM cards since 2011, using over-the-air-programming (OTA) – unseen text messages that are sent by the mobile phone operator to change settings on the phone of a user within their network.

Mr. Nohl is a well known figure in the security industry. In 2009, he has published a software that can easily decode the 64-bit key needed to encrypt GSM-based conversations. This has caused the industry to scramble for a better safeguarding strategy. His Germany-located company, Security Research Labs, acts as advisor to multinational companies around Germany and the U.S on any issues involving mobile security.

[Via]

What's your reaction?
Awesome
0%
Epic
0%
Like
I Want This
0%
Meh
0%
About The Author
Shivaank Rana
Shivaank Rana
iGyaan's Carlos Santana! Shivaank loves Apple products! He stays up to date with the latest happenings of the tech world and gets his hands dirty with the latest Gadgets! Follow Him on Google Plus : Google+
4 comments
EsmailBeguwala
EsmailBeguwala

Why dont Mobile companies take back the susceptible sims and replace them with the secure type of sims by transferring the number to the new sim like they do in the case of theft or physical damage to the sim cards?

EsmailBeguwala
EsmailBeguwala

Why dont Mobile companies take back the susceptible sims and replace them with the secure type of sims by transferring the number to the new sim like they do in the case of theft or physical damage to the sim cards?

Rahul_KumarJDK
Rahul_KumarJDK

interesting indeed!,so carriers are using DES even today?they should have gone double or triple DES if not for AES,even a ordinary IT student know how to crack DES..you just need a recent GPU and then simply brute force.

Rahul_KumarJDK
Rahul_KumarJDK

interesting indeed!,so carriers are using DES even today?they should have gone double or triple DES if not for AES,even a ordinary IT student know how to crack DES..you just need a recent GPU and then simply brute force.