Major SIM card security flaw puts hundreds of millions of devices at risk

Dan Graziano
BGR News

SIM Card Hack
SIM Card Hack

A security researcher in Germany claims to have discovered an encryption flaw in SIM cards that allow a user’s cell phone to be hacked in mere minutes, The New York Times reported. Mobile security expert Karsten Nohl noted that an encryption hole allows unauthorized users to obtain a SIM card’s digital key by sending a text message to a device that is disguised as a carrier message. With access to the digital key, Nohl is able to send a virus to a cell phone’s SIM card with a second text message. He added that the virus allows him to listen to phone calls, make mobile purchases and even “impersonate the cell phone’s owner.”

[More from BGR: New Samsung Galaxy Note III specs emerge]

Nohl claims the entire process takes less than two minutes to complete and he estimates that the vulnerability could affect as many as 750 million devices worldwide. The flaw was discovered in SIM cards using an older encryption method known as data encryption standard, which is used in about half of all cell phones currently being used around the world.

[More from BGR: The smartphone price crash is about to wreck two major vendors]

The researcher explained that three-quarters of messages sent to D.E.S. encrypted mobile phones were recognized as false by the SIM card. He noted, however, that a quarter of devices sent an error message back that included information allowing him to obtain the SIM card’s digital key.

This article was originally published on