Sim cards hacked: A single text that unlocks millions of mobiles

New vulnerability identified by mobile security experts blamed on 1970s encryption standards

Millions of mobile phones could be at risk from hackers according to new research identifying vulnerabilities in the encryption used by Sim cards. Just by sending a specially designed text, security analysts were able to remotely download malware onto handsets.

Although often thought of as just providing a mobile phone’s number, Sim cards (it stands for subscriber identity module) often store users personal data and are the mark by which carriers authenticate individual users.

“With over seven billion cards in active use, Sims may well be the most widely used security token in the world,” says German security expert Karsten Nohl, the individual responsible for uncovering the flaw.

“The cards protect the mobile identity of subscribers, associate devices with phone numbers, and increasingly store payment credentials, for example in NFC-enabled phones with mobile wallets.”

Nohl’s research covered the different systems of encryption used to secure Sim cards, with one particular standard named DES (Data Encryption Standard) identified as particularly insecure.

Dating back to the 1970s DES has long been considered insecure, with Nohl’s method allowing the encryption to be cracked “within two minutes on a standard computer”.

By sending a text containing a specially designed binary code Nohl was able to trick phones into authenticating him as their network provider.

Once this protocol had been established Nohl could then remotely download software onto the phone allowing him to send texts, access voicemail and even receive reports on the phone’s physical location.

“These capabilities alone provide plenty of potential for abuse,” said Nohl. “This allows for remote cloning of possibly millions of SIM cards including their mobile identity (IMSI, Ki) as well as payment credentials stored on the card.”

Speaking to the BBC Nohl suggested that about one in eight of all Sim cards are vulnerable to the hack, and that Africa-based users were particularly at risk. He did, however, say that network operators would be quick to secure their software.

Nohl will give full details of his method at a Black Hat security conference on July 31st but has already provided industry body GSMA with all of his research.

"Karsten's early disclosure to the GSMA has given us an opportunity for preliminary analysis,” said a GSMA spokeswoman. "It would appear that a minority of Sims produced against older standards could be vulnerable."

"There is no evidence to suggest that today's more secure Sims, which are used to support a range of advanced services, will be affected".

Life and Style
ebookNow available in paperback
ebooks
ebookA delicious collection of 50 meaty main courses
Latest stories from i100
Have you tried new the Independent Digital Edition apps?
SPONSORED FEATURES
Independent Dating
and  

By clicking 'Search' you
are agreeing to our
Terms of Use.

ES Rentals

    iJobs Job Widget
    iJobs Gadgets & Tech

    Recruitment Genius: 1st / 2nd Line IT Support Technician

    £30000 per annum: Recruitment Genius: They are a small IT consultancy business...

    Guru Careers: Account Manager

    £30 - 38k (DOE): Guru Careers: We are seeking a digitally focussed Account Man...

    Recruitment Genius: Web Developer - Java

    £24000 - £30000 per annum: Recruitment Genius: This exciting and disruptive co...

    Recruitment Genius: Web Developer - PHP / MySQL / HTML / CSS

    £23000 - £28000 per annum: Recruitment Genius: Due to expansion, this digital ...

    Day In a Page

    A groundbreaking study of 'Britain's Atlantis' long buried at the bottom of the North Sea could revolutionise how we see our prehistoric past

    Britain's Atlantis

    Scientific study beneath North Sea could revolutionise how we see the past
    The Queen has 'done and said nothing that anybody will remember,' says Starkey

    The Queen has 'done and said nothing that anybody will remember'

    David Starkey's assessment
    Oliver Sacks said his life has been 'an enormous privilege and adventure'

    'An enormous privilege and adventure'

    Oliver Sacks writing about his life
    'Gibraltar is British, and it is going to stay British forever'

    'Gibraltar is British, and it is going to stay British forever'

    The Rock's Chief Minister hits back at Spanish government's 'lies'
    Britain is still addicted to 'dirty coal'

    Britain still addicted to 'dirty' coal

    Biggest energy suppliers are more dependent on fossil fuel than a decade ago
    Orthorexia nervosa: How becoming obsessed with healthy eating can lead to malnutrition

    Orthorexia nervosa

    How becoming obsessed with healthy eating can lead to malnutrition
    Lady Chatterley is not obscene, says TV director

    Lady Chatterley’s Lover

    Director Jed Mercurio on why DH Lawrence's novel 'is not an obscene story'
    Farmers in tropical forests are training ants to kill off bigger pests

    Set a pest to catch a pest

    Farmers in tropical forests are training ants to kill off bigger pests
    Mexico: A culture that celebrates darkness as an essential part of life

    The dark side of Mexico

    A culture that celebrates darkness as an essential part of life
    Being sexually assaulted was not your fault, Chrissie Hynde. Don't tell other victims it was theirs

    Being sexually assaulted was not your fault, Chrissie Hynde

    Please don't tell other victims it was theirs
    A nap a day could save your life - and here's why

    A nap a day could save your life

    A midday nap is 'associated with reduced blood pressure'
    If men are so obsessed by sex, why do they clam up when confronted with the grisly realities?

    If men are so obsessed by sex...

    ...why do they clam up when confronted with the grisly realities?
    The comedy titans of Avalon on their attempt to save BBC3

    Jon Thoday and Richard Allen-Turner

    The comedy titans of Avalon on their attempt to save BBC3
    The bathing machine is back... but with a difference

    Rolling in the deep

    The bathing machine is back but with a difference
    Part-privatised tests, new age limits, driverless cars: Tories plot motoring revolution

    Conservatives plot a motoring revolution

    Draft report reveals biggest reform to regulations since driving test introduced in 1935