The good old SIM card hacked for the first time, puts 750 million phones in snooping danger
Karsten Nohl, from the Security Research Labs in Berlin, is raising awareness about this vulnerability with GSMA, affected carriers and SIM makers, before the findings are presented at the Black Hat security conference in Las Vegas.
Give me any phone number and there is some chance I will, a few minutes later, be able to remotely control this SIM card and even make a copy of it,” says Nohl.In addition to the encryption break, the researcher has managed to figure out a way to get access to the sensitive data that is usually sandboxed on SIM cards. "
Thankfully, the vulnerability applies to random batches of SIM cards that are using older standards, which still puts 750 million handsets potentially exposed, not to mention places like Africa, where mobile payments are proliferating for the lack of banking infrastructure. US carrier subscribers can sleep tight, though, as both AT&T and Verizon have confirmed to be using the newer encryption methods in their SIM cards that can't be hacked with the flaw discovered.