German mobile expert Karsten Nohl of Security Research Labs has uncovered a flaw that allows some SIM cards to be hacked with only two text messages sent to the device. Nohl reports than in roughly 25 percent of cases, by sending an SMS text to tested devices, he received a message back that allowed him to access a SIM card’s digital key, a 56-digit sequence that opens the chip up to modification. With that key in hand, Mr. Nohl said, he was able to send a virus to the SIM card through a text message, which let him eavesdrop on a caller, make purchases through mobile payment systems and even impersonate the phone’s owner. Nohl reports that performing this hack can all be done “in about two minutes, using a simple personal computer” and estimates that up to 750 million devices could be vulnerable.
“We can spy on you. We know your encryption keys for calls. We can read your [Text Messages].”
“We can remotely install software on a handset that operates completely independently from your phone,” Mr. Nohl said. “We can spy on you. We know your encryption keys for calls. We can read your S.M.S.’s. More than just spying, we can steal data from the SIM card, your mobile identity, and charge to your account.”
There is a small bit of silver lining to this, however, as the hack will only work on SIM cards running the older data encryption standard (DES); cards with the newer Triple DES encryption are not affected.
The GSM Association has been given some details of the exploit, which have been forwarded to carriers and SIM manufacturers that use DES. It’s not known how many of our beloved global roaming SIM cards, if any, use the old DES encryption.
Nohl, who is also credited with finding a security flaw in GSM call encryption several years ago, will be providing additional details at the Black Hat conference in Las Vegas on August 1. Hopefully by then, news of this exploit will have spread far enough to have allowed carriers and SIM manufacturers the world over to make the transition to the higher security standards.