SIM card vulnerability could lead to widespread phone hijacking

Tori Floyd
The Right Click

You might think that by not clicking on strange links from your phone, you’re keeping your mobile device safe from identity theft attacks. Unfortunately, some recently revealed research shows you may not be so safe, after all.

German mobile security expert Karsten Nohl says he has found a weakness in certain SIM cards which could allow hackers to listen to phone conversations and steal personal information.

“We can remotely install software on a handset that operates completely independently from your phone,” Nohl told The New York Times. “We can spy on you. We know your encryption keys for calls. We can read your SMSs (text messages). More than just spying, we can steal data from the SIM card, your mobile identity, and charge to your account.”

Nohl discovered the flaw as part of a widespread research project. He and his team tested about 1,000 SIM cards in Europe and North America over two years, and found that about one quarter of the SIM cards tested were susceptible to the vulnerability. In total, he estimates about 750 million cell phones worldwide could be open to this kind of attack.

The problem lies in the SIM card’s digital key, a 56-digit sequence that allows the chip to be modified, and its encryption method. Those that use DES (data encryption standard), a method developed in the 1970s, to protect the SIM card could be exploited to provide a digital attacker with key information. Nohl found that by sending a phone an SMS that appeared to be coming from the mobile phone operator, but bearing a false signature, one quarter of the DES encrypted phones in the test would send an error back to the message origin. That error message contained enough information for Nohl to determine the digital key, and gain access to the phone.

[ More Right Click: Find out how much your email is worth to a hacker ]

Many phones are now encrypted using a stronger method, known as Triple DES, which is not vulnerable to these kinds of attacks.

Nohl, who will be presenting his findings to more computer hacking experts at the Black Hat conference in Las Vegas this weekend, has already shared his findings with the GSM Association. A spokeswoman for the group says that the information has been passed on to association members.

“We have been able to consider the implications and provide guidance to those network operators and SIM vendors that may be impacted,” Claire Cranton of the GSM Association said, according to The New York Times. She also said that it is likely only a minority of phones using DES could be vulnerable.

Need to know what’s hot in tech? Follow @yrightclick on Twitter!