750 million phones jeopardized by SIM card flaw

A weakness in SIM card encryption technology could allow attackers to snoop on mobile phone conversations, according to a Berlin-based security researcher.

No less than 750 million mobile handsets are affected by the flaw which allows hackers to obtain a SIM card’s 56-digit key that facilitates modification of the card, said Karsten Nohl, founder of Security Research Labs. Nohl told reporters he was able to carry out such a hack in just “two minutes using a standard PC.”

Among the things a potential hacker can do, one a SIM card’s digital key is cracked are:

  • Read data embedded on the SIM
  • Install software on the handset that runs independently of the phone
  • Steal data from the SIM card
  • Steal personal information
  • Eavesdrop on phone conversations
  • Alter account information

The vulnerability was found in the Digital Encryption Standard, a cryptographic method developed by IBM in the 1970s and used in billions of phones today.


Mobile malware threats increasing
Security in medical devices questions

The encryption method has been enhanced in the past decades since then but many handsets still use the old standard. A test showed that 1,000 SIM cards in Europe and North American shows signs of the flaw.

Read the whole story here



Related Download
A Guide to Print Security for Canadian Organizations Sponsor: HP
A Guide to Print Security for Canadian Organizations
IT security vulnerabilities are a growing cause for concern for organizations trying to protect their data from printer breaches.
Register Now