It’s no secret that smartphones are susceptible to malware attacks or remote hacks because they are almost always connected to the Internet. One part of the phone though has never been considered as a security risk – the SIM card. But that is about to change as German cryptographer Karsten Nohl and his team claim to have successfully found a flaw in the card and managed to hack it.
“Give me any phone number and there is some chance I will, a few minutes later, be able to remotely control this SIM card and even make a copy of it,” Nohl confidently says. He found an encryption flaw in some old SIM cards that lets them remotely control a SIM card and make it send messages, record or redirect calls and to some extent use it to uncover the owner’s financial details.
Explaining the technicalities, Nohl said that the key to hacking these SIM cards is a programming language called ‘Java Card’, which phone companies use to send binary SMS to the phone to trigger Over-the-Air (OTA) programming. Nohl and his team observed that they could use this programming language coupled with a cryptographic method called ‘Rainbow Tables’ to crack the encryption key on a SIM card and send it executable commands.
The team realized that though each network carrier had a unique encrypted signature, they could still use the aforementioned methods to hack about half a billion mobile devices across the world. But putting all the fears to rest, Nohl says there is nothing to worry as cyber criminals haven’t yet been able to hack SIM cards. It could take them more than six months to find the flaw using his methods, by which time the network carriers would have fortified their cards.