Millions of mobile phones worldwide at risk as SIM cards successfully hacked

It’s no secret that smartphones are susceptible to malware attacks or remote hacks because they are almost always connected to the Internet. One part of the phone, though, has never been considered a security risk: the SIM card. That is about to change, as German cryptographer Karsten Nohl and his team claim to have found a flaw in the card and managed to hack it.

“Give me any phone number and there is some chance I will, a few minutes later, be able to remotely control this SIM card and even make a copy of it,” Nohl confidently says. He found an encryption flaw in some old SIM cards that lets him and his team remotely control a SIM card, make it send messages, record or redirect calls and, to some extent, use it to uncover the owner’s financial details.

Explaining the technicalities, Nohl said that the key to hacking these SIM cards is a programming language called ‘Java Card’, which phone companies use to send binary SMS to the phone to trigger Over-the-Air (OTA) programming. Nohl and his team observed that they could use this programming language coupled with a cryptographic method called ‘Rainbow Tables’ to crack the encryption key on a SIM card and send it executable commands.

The team realized that though each network carrier had a unique encrypted signature, they could still use the aforementioned methods to hack about half a billion mobile devices across the world. But putting all the fears to rest, Nohl says there is nothing to worry about, because cyber criminals haven’t yet been able to hack SIM cards. It could take them more than six months to find the flaw using his methods, by which time the network carriers would have fortified their cards.
