The good old SIM card hacked for the first time, puts 750 million phones in snooping danger
A German researcher has done what was thought so far unthinkable - cracking the 56-digit unique code of the SIM card in your phone. This would essentially allow a third party to copy the data of your SIM card from afar, for example.
Karsten Nohl, from the Security Research Labs in Berlin, is raising awareness about this vulnerability with GSMA, affected carriers and SIM makers, before the findings are presented at the Black Hat security conference in Las Vegas.
In addition to the encryption break, the researcher has managed to figure out a way to get access to the sensitive data that is usually sandboxed on SIM cards. "Give me any phone number and there is some chance I will, a few minutes later, be able to remotely control this SIM card and even make a copy of it,” says Nohl.
Thankfully, the vulnerability applies to random batches of SIM cards that are using older standards, which still puts 750 million handsets potentially exposed, not to mention places like Africa, where mobile payments are proliferating for the lack of banking infrastructure. US carrier subscribers can sleep tight, though, as both AT&T and Verizon have confirmed to be using the newer encryption methods in their SIM cards that can't be hacked with the flaw discovered.