The good old SIM card hacked for the first time, puts 750 million phones in snooping danger

A German researcher has done what was thought so far unthinkable - cracking the 56-digit unique code of the SIM card in your phone. This would essentially allow a third party to copy the data of your SIM card from afar, for example.

Karsten Nohl, from the Security Research Labs in Berlin, is raising awareness about this vulnerability with GSMA, affected carriers and SIM makers, before the findings are presented at the Black Hat security conference in Las Vegas.

In addition to the encryption break, the researcher has managed to figure out a way to get access to the sensitive data that is usually sandboxed on SIM cards. "Give me any phone number and there is some chance I will, a few minutes later, be able to remotely control this SIM card and even make a copy of it,” says Nohl.

Thankfully, the vulnerability applies to random batches of SIM cards that are using older standards, which still puts 750 million handsets potentially exposed, not to mention places like Africa, where mobile payments are proliferating for the lack of banking infrastructure. US carrier subscribers can sleep tight, though, as both AT&T and Verizon have confirmed to be using the newer encryption methods in their SIM cards that can't be hacked with the flaw discovered.

source: Forbes

20 Comments

Options

Close Follow ›

posted on 22 Jul 2013, 02:44 2

1. WHoyton1 (Posts: 1635; Member since: 21 Feb 2013)

That's pretty impressive but pretty scary at the same time.....hmmmmm

posted on 22 Jul 2013, 07:21 3

14. Android-Boxer (Posts: 13; Member since: 15 Aug 2012)

56 digit hack? damn! Super intelligent he is.. But bro for the process, he needs the phone number. So it won't be scary unless he founds out your number.. But yeah he can guess any number and do the crack..

posted on 22 Jul 2013, 09:04

16. Jack58221 (Posts: 157; Member since: 23 Feb 2013)

so the next time you get a call from an unknown number guess what's coming next? I may not be able to come up with your number, but I could come up with hundreds of number in just a few minutes. heck, I could use my area code and one of the older prefixes from my area and come up with a hand full of older phones.

posted on 23 Jul 2013, 01:24

20. Android-Boxer (Posts: 13; Member since: 15 Aug 2012)

True that! It sounds scary noww...

posted on 22 Jul 2013, 02:45 1

2. Droid_X_Doug (Posts: 5993; Member since: 22 Dec 2010)

Meh. The exploit applies to SIM cards encrypted with DES algorithm. Newer SIM cards have stronger encryption.

posted on 22 Jul 2013, 20:05

19. Googler (Posts: 813; Member since: 10 Jun 2013)

And most phones these days use micro-sim cards so they are definitely new in comparison.

posted on 22 Jul 2013, 02:55 4

3. MartianMe (unregistered)

Damn !!!why can we live in a good world at least for one day...

posted on 22 Jul 2013, 03:08 6

4. aditya.k (Posts: 496; Member since: 10 Mar 2013)

You mean can't?

posted on 22 Jul 2013, 03:14

6. MartianMe (unregistered)

Yeah!!...thanks.

posted on 22 Jul 2013, 04:15 1

11. androidrocks (Posts: 62; Member since: 14 Apr 2012)

Come on...this is good for us. This guy is presenting the flaw (hack) publicly so that carriers would know what it is...Imagine if some bad guy exploits this vulnerability and no one knows about it... This can cause millions of dollars of damage to the carriers and of course, the consumer.

posted on 22 Jul 2013, 03:11

5. Taters (banned) (Posts: 6474; Member since: 28 Jan 2013)

Hmmmm. Too bad this doesn't work on the newer sim cards. I would love a hack that allowed me to use one sim card for two phones.

I would have two or three phones with the same number. Swapping sim cards every time you want to change phones makes this unfeasible but if I can hack my sim so I can have a duplicate without my carrier knowing, I would love it. haha

posted on 22 Jul 2013, 03:29 2

7. Nathan_ingx (Posts: 4289; Member since: 07 Mar 2012)

What happens when there's a call??
You get a stereo phone call?

posted on 22 Jul 2013, 03:52 3

9. SprintPower (Posts: 74; Member since: 29 Dec 2008)

You pickup whatever phone you want to use and answer it normally. God some people are stupid.

posted on 22 Jul 2013, 04:02 1

10. Nathan_ingx (Posts: 4289; Member since: 07 Mar 2012)

You don't think i've thought about that?
That's just going to be the beginning of problems.

posted on 22 Jul 2013, 07:40

15. Beholder88 (Posts: 85; Member since: 30 Mar 2012)

That wouldn't work anyway. The carriers can track how many phones are connected to the network, if they noticed 3 different device ID's with the same SIM number, they would most likely all get shut down.