A weakness in SIM card encryption technology could allow attackers to snoop on mobile phone conversations, according to a Berlin-based security researcher.
No less than 750 million mobile handsets are affected by the flaw which allows hackers to obtain a SIM card’s 56-digit key that facilitates modification of the card, said Karsten Nohl, founder of Security Research Labs. Nohl told reporters he was able to carry out such a hack in just “two minutes using a standard PC.”
Among the things a potential hacker can do, one a SIM card’s digital key is cracked are:
- Read data embedded on the SIM
- Install software on the handset that runs independently of the phone
- Steal data from the SIM card
- Steal personal information
- Eavesdrop on phone conversations
- Alter account information
The vulnerability was found in the Digital Encryption Standard, a cryptographic method developed by IBM in the 1970s and used in billions of phones today.
RELATED CONTENT
Mobile malware threats increasing
Security in medical devices questions
The encryption method has been enhanced in the past decades since then but many handsets still use the old standard. A test showed that 1,000 SIM cards in Europe and North American shows signs of the flaw.