Rooting & Modding Mobile payments

The good old SIM card hacked for the first time, puts 750 million phones in snooping danger

Daniel P.
posted by Daniel P.
Jul 22, 2013, 2:39 AM
The good old SIM card hacked for the first time, puts 750 million phones in snooping danger
A German researcher has done what was thought so far unthinkable - cracking the 56-digit unique code of the SIM card in your phone. This would essentially allow a third party to copy the data of your SIM card from afar, for example.

Karsten Nohl, from the Security Research Labs in Berlin, is raising awareness about this vulnerability with GSMA, affected carriers and SIM makers, before the findings are presented at the Black Hat security conference in Las Vegas.

In addition to the encryption break, the researcher has managed to figure out a way to get access to the sensitive data that is usually sandboxed on SIM cards. "Give me any phone number and there is some chance I will, a few minutes later, be able to remotely control this SIM card and even make a copy of it,” says Nohl.

Thankfully, the vulnerability applies to random batches of SIM cards that are using older standards, which still puts 750 million handsets potentially exposed, not to mention places like Africa, where mobile payments are proliferating for the lack of banking infrastructure. US carrier subscribers can sleep tight, though, as both AT&T and Verizon have confirmed to be using the newer encryption methods in their SIM cards that can't be hacked with the flaw discovered.

source: Forbes

FEATURED VIDEO

Options

20 Comments

Supaheight
Reply

18. Supaheight

Posts: 66; Member since: Sep 29, 2012

man that bs so that means he can use all the money you've in the sim

posted on Jul 22, 2013, 6:52 PM

Nathan_ingx
Reply

8. Nathan_ingx

Posts: 4769; Member since: Mar 07, 2012

What's next? You hack an MicroSD card?

posted on Jul 22, 2013, 3:31 AM

axbog
Reply

12. axbog

Posts: 21; Member since: Jun 03, 2013

Not too brite chap, are you?

posted on Jul 22, 2013, 4:40 AM

Nathan_ingx
Reply

13. Nathan_ingx

Posts: 4769; Member since: Mar 07, 2012

Not too joke conscious are you?

posted on Jul 22, 2013, 5:16 AM

Jack58221
Reply

17. Jack58221

Posts: 157; Member since: Feb 23, 2013

Like Yoda does he type.

posted on Jul 22, 2013, 9:09 AM

Taters
Reply

5. Taters

Posts: 6474; Member since: Jan 28, 2013

Hmmmm. Too bad this doesn't work on the newer sim cards. I would love a hack that allowed me to use one sim card for two phones. I would have two or three phones with the same number. Swapping sim cards every time you want to change phones makes this unfeasible but if I can hack my sim so I can have a duplicate without my carrier knowing, I would love it. haha

posted on Jul 22, 2013, 3:11 AM

Nathan_ingx
Reply

7. Nathan_ingx

Posts: 4769; Member since: Mar 07, 2012

What happens when there's a call?? You get a stereo phone call?

posted on Jul 22, 2013, 3:29 AM

SprintPower
Reply

9. SprintPower

Posts: 74; Member since: Dec 29, 2008

You pickup whatever phone you want to use and answer it normally. God some people are stupid.

posted on Jul 22, 2013, 3:52 AM

Nathan_ingx
Reply

10. Nathan_ingx

Posts: 4769; Member since: Mar 07, 2012

You don't think i've thought about that? That's just going to be the beginning of problems.

posted on Jul 22, 2013, 4:02 AM

Beholder88
Reply

15. Beholder88

Posts: 86; Member since: Mar 30, 2012

That wouldn't work anyway. The carriers can track how many phones are connected to the network, if they noticed 3 different device ID's with the same SIM number, they would most likely all get shut down.

posted on Jul 22, 2013, 7:40 AM

MartianMe unregistered
Reply

3. MartianMe unregistered

Damn !!!why can we live in a good world at least for one day...

posted on Jul 22, 2013, 2:55 AM

aditya.k
Reply

4. aditya.k

Posts: 496; Member since: Mar 10, 2013

You mean can't?

posted on Jul 22, 2013, 3:08 AM

MartianMe unregistered
Reply

6. MartianMe unregistered

Yeah!!...thanks.

posted on Jul 22, 2013, 3:14 AM

androidrocks
Reply

11. androidrocks

Posts: 63; Member since: Apr 14, 2012

Come on...this is good for us. This guy is presenting the flaw (hack) publicly so that carriers would know what it is...Imagine if some bad guy exploits this vulnerability and no one knows about it... This can cause millions of dollars of damage to the carriers and of course, the consumer.

posted on Jul 22, 2013, 4:15 AM

Droid_X_Doug
Reply

2. Droid_X_Doug

Posts: 5993; Member since: Dec 22, 2010

Meh. The exploit applies to SIM cards encrypted with DES algorithm. Newer SIM cards have stronger encryption.

posted on Jul 22, 2013, 2:45 AM

Googler
Reply

19. Googler

Posts: 813; Member since: Jun 10, 2013

And most phones these days use micro-sim cards so they are definitely new in comparison.

posted on Jul 22, 2013, 8:05 PM

WHoyton1
Reply

1. WHoyton1

Posts: 1635; Member since: Feb 21, 2013

That's pretty impressive but pretty scary at the same time.....hmmmmm

posted on Jul 22, 2013, 2:44 AM

Android-Boxer
Reply

14. Android-Boxer

Posts: 13; Member since: Aug 15, 2012

56 digit hack? damn! Super intelligent he is.. But bro for the process, he needs the phone number. So it won't be scary unless he founds out your number.. But yeah he can guess any number and do the crack..

posted on Jul 22, 2013, 7:21 AM

Jack58221
Reply

16. Jack58221

Posts: 157; Member since: Feb 23, 2013

so the next time you get a call from an unknown number guess what's coming next? I may not be able to come up with your number, but I could come up with hundreds of number in just a few minutes. heck, I could use my area code and one of the older prefixes from my area and come up with a hand full of older phones.

posted on Jul 22, 2013, 9:04 AM

Android-Boxer
Reply

20. Android-Boxer

Posts: 13; Member since: Aug 15, 2012

True that! It sounds scary noww...

posted on Jul 23, 2013, 1:24 AM

view all comments
Want to comment? Please Log in or sign up.

Featured stories

LG V60 ThinQ goes official with massive battery, 5G support, 64MP camera
LG V60 ThinQ goes official with massive battery, 5G support, 64MP camera
Huawei Mate Xs: hands-on with the futuristic 5G foldable
Huawei Mate Xs: hands-on with the futuristic 5G foldable
Google Pixel 4 XL review 4 months later: is it worth getting one in 2020?
Google Pixel 4 XL review 4 months later: is it worth getting one in 2020?
Sony Xperia 1 II is here: brings back what people want, adds 5G and more improvements
Sony Xperia 1 II is here: brings back what people want, adds 5G and more improvements
Samsung Galaxy S20 Ultra vs iPhone 11 Pro Max Camera Comparison
Samsung Galaxy S20 Ultra vs iPhone 11 Pro Max Camera Comparison
Samsung Galaxy S20 Ultra: 120Hz vs 60Hz Battery Life Comparison
Samsung Galaxy S20 Ultra: 120Hz vs 60Hz Battery Life Comparison
Samsung Galaxy S20 Ultra Charging Test Complete: impressively quick!
Samsung Galaxy S20 Ultra Charging Test Complete: impressively quick!
First Samsung Galaxy S20 Ultra 5G NIGHT Camera Samples: Zoom zoom zoom
First Samsung Galaxy S20 Ultra 5G NIGHT Camera Samples: Zoom zoom zoom

Popular stories

Google Pixel 4 XL review 4 months later: is it worth getting one in 2020?
Google Pixel 4 XL review 4 months later: is it worth getting one in 2020?
Samsung Galaxy S20 Ultra: 120Hz vs 60Hz Battery Life Comparison
Samsung Galaxy S20 Ultra: 120Hz vs 60Hz Battery Life Comparison
First Samsung Galaxy S20 Ultra 5G NIGHT Camera Samples: Zoom zoom zoom
First Samsung Galaxy S20 Ultra 5G NIGHT Camera Samples: Zoom zoom zoom
Samsung Galaxy S20 Ultra vs iPhone 11 Pro Max Camera Comparison
Samsung Galaxy S20 Ultra vs iPhone 11 Pro Max Camera Comparison
Samsung Galaxy S20 Ultra Charging Test Complete: impressively quick!
Samsung Galaxy S20 Ultra Charging Test Complete: impressively quick!
Samsung Find My Mobile message spooks users worldwide
Samsung Find My Mobile message spooks users worldwide

Hot phones

Latest Stories

View more news
This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at https://www.parsintl.com/phonearena or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit https://www.parsintl.com/ for samples and additional information.
FCC OKs Cingular's purchase of AT&T Wireless