The good old SIM card hacked for the first time, puts 750 million phones in snooping danger

posted by Daniel P. / Jul 22, 2013, 2:39 AM

The good old SIM card hacked for the first time, puts 750 million phones in snooping danger

A German researcher has done what was thought so far unthinkable - cracking the 56-digit unique code of the SIM card in your phone. This would essentially allow a third party to copy the data of your SIM card from afar, for example.

Karsten Nohl, from the Security Research Labs in Berlin, is raising awareness about this vulnerability with GSMA, affected carriers and SIM makers, before the findings are presented at the Black Hat security conference in Las Vegas.

In addition to the encryption break, the researcher has managed to figure out a way to get access to the sensitive data that is usually sandboxed on SIM cards. "Give me any phone number and there is some chance I will, a few minutes later, be able to remotely control this SIM card and even make a copy of it,” says Nohl.

Thankfully, the vulnerability applies to random batches of SIM cards that are using older standards, which still puts 750 million handsets potentially exposed, not to mention places like Africa, where mobile payments are proliferating for the lack of banking infrastructure. US carrier subscribers can sleep tight, though, as both AT&T and Verizon have confirmed to be using the newer encryption methods in their SIM cards that can't be hacked with the flaw discovered.

source: Forbes

Options

20 Comments

1. WHoyton1

Posts: 1635; Member since: Feb 21, 2013

That's pretty impressive but pretty scary at the same time.....hmmmmm

posted on Jul 22, 2013, 2:44 AM 2

14. Android-Boxer

Posts: 13; Member since: Aug 15, 2012

56 digit hack? damn! Super intelligent he is.. But bro for the process, he needs the phone number. So it won't be scary unless he founds out your number.. But yeah he can guess any number and do the crack..

posted on Jul 22, 2013, 7:21 AM 3

16. Jack58221

Posts: 157; Member since: Feb 23, 2013

so the next time you get a call from an unknown number guess what's coming next? I may not be able to come up with your number, but I could come up with hundreds of number in just a few minutes. heck, I could use my area code and one of the older prefixes from my area and come up with a hand full of older phones.

posted on Jul 22, 2013, 9:04 AM 0

20. Android-Boxer

True that! It sounds scary noww...

posted on Jul 23, 2013, 1:24 AM 0

2. Droid_X_Doug

Posts: 5993; Member since: Dec 22, 2010

Meh. The exploit applies to SIM cards encrypted with DES algorithm. Newer SIM cards have stronger encryption.

posted on Jul 22, 2013, 2:45 AM 1

19. Googler

Posts: 813; Member since: Jun 10, 2013

And most phones these days use micro-sim cards so they are definitely new in comparison.

posted on Jul 22, 2013, 8:05 PM 0

3. MartianMe unregistered

Damn !!!why can we live in a good world at least for one day...

posted on Jul 22, 2013, 2:55 AM 4

4. aditya.k

Posts: 496; Member since: Mar 10, 2013

You mean can't?

posted on Jul 22, 2013, 3:08 AM 6

6. MartianMe unregistered

Yeah!!...thanks.

posted on Jul 22, 2013, 3:14 AM 0

11. androidrocks

Posts: 62; Member since: Apr 14, 2012

Come on...this is good for us. This guy is presenting the flaw (hack) publicly so that carriers would know what it is...Imagine if some bad guy exploits this vulnerability and no one knows about it... This can cause millions of dollars of damage to the carriers and of course, the consumer.

posted on Jul 22, 2013, 4:15 AM 1

5. Taters

Posts: 6474; Member since: Jan 28, 2013

Hmmmm. Too bad this doesn't work on the newer sim cards. I would love a hack that allowed me to use one sim card for two phones. I would have two or three phones with the same number. Swapping sim cards every time you want to change phones makes this unfeasible but if I can hack my sim so I can have a duplicate without my carrier knowing, I would love it. haha

posted on Jul 22, 2013, 3:11 AM 0

7. Nathan_ingx

Posts: 4766; Member since: Mar 07, 2012

What happens when there's a call?? You get a stereo phone call?

posted on Jul 22, 2013, 3:29 AM 2

9. SprintPower

Posts: 74; Member since: Dec 29, 2008

You pickup whatever phone you want to use and answer it normally. God some people are stupid.

posted on Jul 22, 2013, 3:52 AM 3

10. Nathan_ingx

You don't think i've thought about that? That's just going to be the beginning of problems.

posted on Jul 22, 2013, 4:02 AM 1

15. Beholder88

Posts: 86; Member since: Mar 30, 2012

That wouldn't work anyway. The carriers can track how many phones are connected to the network, if they noticed 3 different device ID's with the same SIM number, they would most likely all get shut down.