The good old SIM card hacked for the first time, puts 750 million phones in snooping danger

The good old SIM card hacked for the first time, puts 750 million phones in snooping danger
A German researcher has done what was thought so far unthinkable - cracking the 56-digit unique code of the SIM card in your phone. This would essentially allow a third party to copy the data of your SIM card from afar, for example.

Karsten Nohl, from the Security Research Labs in Berlin, is raising awareness about this vulnerability with GSMA, affected carriers and SIM makers, before the findings are presented at the Black Hat security conference in Las Vegas.

In addition to the encryption break, the researcher has managed to figure out a way to get access to the sensitive data that is usually sandboxed on SIM cards. "Give me any phone number and there is some chance I will, a few minutes later, be able to remotely control this SIM card and even make a copy of it,” says Nohl.

Thankfully, the vulnerability applies to random batches of SIM cards that are using older standards, which still puts 750 million handsets potentially exposed, not to mention places like Africa, where mobile payments are proliferating for the lack of banking infrastructure. US carrier subscribers can sleep tight, though, as both AT&T and Verizon have confirmed to be using the newer encryption methods in their SIM cards that can't be hacked with the flaw discovered.

source: Forbes

FEATURED VIDEO

20 Comments

1. WHoyton1

Posts: 1635; Member since: Feb 21, 2013

That's pretty impressive but pretty scary at the same time.....hmmmmm

14. Android-Boxer

Posts: 13; Member since: Aug 15, 2012

56 digit hack? damn! Super intelligent he is.. But bro for the process, he needs the phone number. So it won't be scary unless he founds out your number.. But yeah he can guess any number and do the crack..

16. Jack58221

Posts: 157; Member since: Feb 23, 2013

so the next time you get a call from an unknown number guess what's coming next? I may not be able to come up with your number, but I could come up with hundreds of number in just a few minutes. heck, I could use my area code and one of the older prefixes from my area and come up with a hand full of older phones.

20. Android-Boxer

Posts: 13; Member since: Aug 15, 2012

True that! It sounds scary noww...

2. Droid_X_Doug

Posts: 5993; Member since: Dec 22, 2010

Meh. The exploit applies to SIM cards encrypted with DES algorithm. Newer SIM cards have stronger encryption.

19. Googler

Posts: 813; Member since: Jun 10, 2013

And most phones these days use micro-sim cards so they are definitely new in comparison.

3. MartianMe unregistered

Damn !!!why can we live in a good world at least for one day...

4. aditya.k

Posts: 496; Member since: Mar 10, 2013

You mean can't?

6. MartianMe unregistered

Yeah!!...thanks.

11. androidrocks

Posts: 62; Member since: Apr 14, 2012

Come on...this is good for us. This guy is presenting the flaw (hack) publicly so that carriers would know what it is...Imagine if some bad guy exploits this vulnerability and no one knows about it... This can cause millions of dollars of damage to the carriers and of course, the consumer.

5. Taters

Posts: 6474; Member since: Jan 28, 2013

Hmmmm. Too bad this doesn't work on the newer sim cards. I would love a hack that allowed me to use one sim card for two phones. I would have two or three phones with the same number. Swapping sim cards every time you want to change phones makes this unfeasible but if I can hack my sim so I can have a duplicate without my carrier knowing, I would love it. haha

7. Nathan_ingx

Posts: 4766; Member since: Mar 07, 2012

What happens when there's a call?? You get a stereo phone call?

9. SprintPower

Posts: 74; Member since: Dec 29, 2008

You pickup whatever phone you want to use and answer it normally. God some people are stupid.

10. Nathan_ingx

Posts: 4766; Member since: Mar 07, 2012

You don't think i've thought about that? That's just going to be the beginning of problems.

15. Beholder88

Posts: 86; Member since: Mar 30, 2012

That wouldn't work anyway. The carriers can track how many phones are connected to the network, if they noticed 3 different device ID's with the same SIM number, they would most likely all get shut down.

8. Nathan_ingx

Posts: 4766; Member since: Mar 07, 2012

What's next? You hack an MicroSD card?

12. axbog

Posts: 21; Member since: Jun 03, 2013

Not too brite chap, are you?

13. Nathan_ingx

Posts: 4766; Member since: Mar 07, 2012

Not too joke conscious are you?

17. Jack58221

Posts: 157; Member since: Feb 23, 2013

Like Yoda does he type.

18. Supaheight

Posts: 66; Member since: Sep 29, 2012

man that bs so that means he can use all the money you've in the sim

Latest Stories

This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at https://www.parsintl.com/phonearena or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit https://www.parsintl.com/ for samples and additional information.