Sim cards hacked: A single text that unlocks millions of mobiles

New vulnerability identified by mobile security experts blamed on 1970s encryption standards

Millions of mobile phones could be at risk from hackers according to new research identifying vulnerabilities in the encryption used by Sim cards. Just by sending a specially designed text, security analysts were able to remotely download malware onto handsets.

Although often thought of as just providing a mobile phone’s number, Sim cards (it stands for subscriber identity module) often store users personal data and are the mark by which carriers authenticate individual users.

“With over seven billion cards in active use, Sims may well be the most widely used security token in the world,” says German security expert Karsten Nohl, the individual responsible for uncovering the flaw.

“The cards protect the mobile identity of subscribers, associate devices with phone numbers, and increasingly store payment credentials, for example in NFC-enabled phones with mobile wallets.”

Nohl’s research covered the different systems of encryption used to secure Sim cards, with one particular standard named DES (Data Encryption Standard) identified as particularly insecure.

Dating back to the 1970s DES has long been considered insecure, with Nohl’s method allowing the encryption to be cracked “within two minutes on a standard computer”.

By sending a text containing a specially designed binary code Nohl was able to trick phones into authenticating him as their network provider.

Once this protocol had been established Nohl could then remotely download software onto the phone allowing him to send texts, access voicemail and even receive reports on the phone’s physical location.

“These capabilities alone provide plenty of potential for abuse,” said Nohl. “This allows for remote cloning of possibly millions of SIM cards including their mobile identity (IMSI, Ki) as well as payment credentials stored on the card.”

Speaking to the BBC Nohl suggested that about one in eight of all Sim cards are vulnerable to the hack, and that Africa-based users were particularly at risk. He did, however, say that network operators would be quick to secure their software.

Nohl will give full details of his method at a Black Hat security conference on July 31st but has already provided industry body GSMA with all of his research.

"Karsten's early disclosure to the GSMA has given us an opportunity for preliminary analysis,” said a GSMA spokeswoman. "It would appear that a minority of Sims produced against older standards could be vulnerable."

"There is no evidence to suggest that today's more secure Sims, which are used to support a range of advanced services, will be affected".

PROMOTED VIDEO
Life and Style
ebookA wonderful selection of salads, starters and mains featuring venison, grouse and other game
News
Richard Norris in GQ
mediaGQ features photo shoot with man who underwent full face transplant
News
Gardai wait for the naked man, who had gone for a skinny dip in Belfast Lough
newsTwo skinny dippers threatened with inclusion on sex offenders’ register as naturists criminalised
News
Your picture is everything in the shallow world of online dating
i100
News
The Swiss Re tower or 'Gherkin' was at one time the UK’s most expensive office when German bank IVG and private equity firm Evans Randall bought it
news
Life and Style
Attractive women on the Internet: not a myth
techOkCupid boasts about Facebook-style experiments on users
Independent
Travel Shop
the manor
Up to 70% off luxury travel
on city breaks Find out more
santorini
Up to 70% off luxury travel
on chic beach resorts Find out more
sardina foodie
Up to 70% off luxury travel
on country retreats Find out more
Latest stories from i100
Have you tried new the Independent Digital Edition apps?
Independent Dating
and  

By clicking 'Search' you
are agreeing to our
Terms of Use.

ES Rentals

    iJobs Job Widget
    iJobs Gadgets & Tech

    .Net/ C# Developer/ Analyst Programmer - West London

    £45000 - £50000 per annum + competitive: Progressive Recruitment: .NET/ C# .Pr...

    Graduate / Trainee Recruitment Consultant - IT

    £25000 per annum + OTE £40,000: SThree: Orgtel are seeking Graduate Trainee Re...

    Content Manager - Central London

    £35000 - £40000 per annum + Benefits: Ashdown Group: Content Manager - Central...

    Java Developer

    £45000 - £60000 per annum + competitive: Progressive Recruitment: JAVA DEVELO...

    Day In a Page

    The children were playing in the street with toy guns. The air strikes were tragically real

    The air strikes were tragically real

    The children were playing in the street with toy guns
    Boozy, ignorant, intolerant, but very polite – The British, as others see us

    Britain as others see us

    Boozy, ignorant, intolerant, but very polite
    Countries that don’t survey their tigers risk losing them altogether

    Countries that don’t survey their tigers risk losing them

    Jonathon Porritt sounds the alarm
    How did our legends really begin?

    How did our legends really begin?

    Applying the theory of evolution to the world's many mythologies
    Watch out: Lambrusco is back on the menu

    Lambrusco is back on the menu

    Naff Seventies corner-shop staple is this year's Aperol Spritz
    A new Russian revolution: Cracks start to appear in Putin’s Kremlin power bloc

    A new Russian revolution

    Cracks start to appear in Putin’s Kremlin power bloc
    Eugene de Kock: Apartheid’s sadistic killer that his country cannot forgive

    Apartheid’s sadistic killer that his country cannot forgive

    The debate rages in South Africa over whether Eugene de Kock should ever be released from jail
    Standing my ground: If sitting is bad for your health, what happens when you stay on your feet for a whole month?

    Standing my ground

    If sitting is bad for your health, what happens when you stay on your feet for a whole month?
    Commonwealth Games 2014: Dai Greene prays for chance to rebuild after injury agony

    Greene prays for chance to rebuild after injury agony

    Welsh hurdler was World, European and Commonwealth champion, but then the injuries crept in
    Israel-Gaza conflict: Secret report helps Israelis to hide facts

    Patrick Cockburn: Secret report helps Israel to hide facts

    The slickness of Israel's spokesmen is rooted in directions set down by pollster Frank Luntz
    The man who dared to go on holiday

    The man who dared to go on holiday

    New York's mayor has taken a vacation - in a nation that has still to enforce paid leave, it caused quite a stir, reports Rupert Cornwell
    Best comedians: How the professionals go about their funny business, from Sarah Millican to Marcus Brigstocke

    Best comedians: How the professionals go about their funny business

    For all those wanting to know how stand-ups keep standing, here are some of the best moments
    The Guest List 2014: Forget the Man Booker longlist, Literary Editor Katy Guest offers her alternative picks

    The Guest List 2014

    Forget the Man Booker longlist, Literary Editor Katy Guest offers her alternative picks
    Jokes on Hollywood: 'With comedy film audiences shrinking, it’s time to move on'

    Jokes on Hollywood

    With comedy film audiences shrinking, it’s time to move on