cards are among the most widely-deployed computing platforms with over 7
billion cards in active use.
Cracking SIM cards has long been the Holy
Grail of hackers because the tiny devices are located in phones and allow
operators to identify and authenticate subscribers as they use networks.
A German cryptographer Karsten Nohl, the founder of Security
Research Labs claims to have found encryption and software flaws that could
affect millions of SIM cards, and allows hackers to remotely gain control of and
also clone certain mobile SIM cards.
is the first hack of its kind in a decade. Nohl will be presenting his findings
at the Black Hat security conference this year. He and his team tested close to
1,000 SIM cards for vulnerabilities, exploited by simply sending a hidden SMS.
to him, Hackers could use compromised SIMs to commit financial crimes or engage
in espionage. Once a hacker copies a SIM, it can be used to make calls and send
text messages impersonating the owner of the phone.
The exploit only works on SIMs that use an old encryption technology known as
DES. DES is used in around three billion mobile SIMs worldwide, of which Nohl
estimates 750 million are vulnerable to the attack.
GSMA, which represents nearly 800 mobile operators, will notify
telecommunications regulators and other government agencies in nearly 200
countries about the potential threat and also reach out to hundreds of mobile
companies, academics and other industry experts.
Nohl believes that cyber criminals have already found the bug. Now the
theoretical details of the vulnerability is out, he expects it would take them
at least six months to crack it, by which time the wireless industry will have
implemented available fixes.