SIM Card Encryption Flaw Allows Cyber Criminals Hack Mobile Phones

A mobile security expert from Germany has discovered encryption flaw in some SIM cards that makes them vulnerable to cyber crimes and enable criminals to fully manipulate the mobile phone.

Karsten Nohl, founder of Berlin’s Security Research Labs, explained that the encryption hole enabled outsiders to get the SIM card’s digital key, a sequence that has 56 digits, to open the chip and modify it. Having the key in his hand, Mr. Nohl was able to send a viral text message to the SIM card. Upon sending, he is free to do several actions such as eavesdropping on a caller, making online purchases using a mobile payment method, and also impersonate the unsuspecting phone owner.

Mr. Nohl was able to perform the whole process in just a matter of two minutes by using a computer. He estimated that around 750 million phones could be vulnerable to cyber-related attacks.

The flaw was further described by Mr. Nohl to be the result of data encryption standard (DES), an encryption method used in the 1970s. Upon discovery of the breach, he conducted more research on the extent of the problem by running a two-year test on 1,000 SIM cards that are found on mobile phones which are under the European and North American phone networks. The devices and SIM cards used in the research are nevertheless owned by Mr. Nohl and members of his research team. In the end, they have concluded that around 25 percent of the SIM cards that run the older encryption technology show symptoms of the flaw.

Mr. Nohl is a well known figure in the security industry. In 2009, he has published a software that can easily decode the 64-bit key needed to encrypt GSM-based conversations. This has caused the industry to scramble for a better safeguarding strategy. His Germany-located company, Security Research Labs, acts as advisor to multinational companies around Germany and the U.S on any issues involving mobile security.

Real Time Analytics