Sim cards hacked: A single text that unlocks millions of mobiles

New vulnerability identified by mobile security experts blamed on 1970s encryption standards

Millions of mobile phones could be at risk from hackers according to new research identifying vulnerabilities in the encryption used by Sim cards. Just by sending a specially designed text, security analysts were able to remotely download malware onto handsets.

Although often thought of as just providing a mobile phone’s number, Sim cards (it stands for subscriber identity module) often store users personal data and are the mark by which carriers authenticate individual users.

“With over seven billion cards in active use, Sims may well be the most widely used security token in the world,” says German security expert Karsten Nohl, the individual responsible for uncovering the flaw.

“The cards protect the mobile identity of subscribers, associate devices with phone numbers, and increasingly store payment credentials, for example in NFC-enabled phones with mobile wallets.”

Nohl’s research covered the different systems of encryption used to secure Sim cards, with one particular standard named DES (Data Encryption Standard) identified as particularly insecure.

Dating back to the 1970s DES has long been considered insecure, with Nohl’s method allowing the encryption to be cracked “within two minutes on a standard computer”.

By sending a text containing a specially designed binary code Nohl was able to trick phones into authenticating him as their network provider.

Once this protocol had been established Nohl could then remotely download software onto the phone allowing him to send texts, access voicemail and even receive reports on the phone’s physical location.

“These capabilities alone provide plenty of potential for abuse,” said Nohl. “This allows for remote cloning of possibly millions of SIM cards including their mobile identity (IMSI, Ki) as well as payment credentials stored on the card.”

Speaking to the BBC Nohl suggested that about one in eight of all Sim cards are vulnerable to the hack, and that Africa-based users were particularly at risk. He did, however, say that network operators would be quick to secure their software.

Nohl will give full details of his method at a Black Hat security conference on July 31st but has already provided industry body GSMA with all of his research.

"Karsten's early disclosure to the GSMA has given us an opportunity for preliminary analysis,” said a GSMA spokeswoman. "It would appear that a minority of Sims produced against older standards could be vulnerable."

"There is no evidence to suggest that today's more secure Sims, which are used to support a range of advanced services, will be affected".

Life and Style
ebookNow available in paperback
ebooks
ebookPart of The Independent’s new eBook series The Great Composers
Latest stories from i100
Have you tried new the Independent Digital Edition apps?
Independent Dating
and  

By clicking 'Search' you
are agreeing to our
Terms of Use.

ES Rentals

    iJobs Job Widget
    iJobs Gadgets & Tech

    Recruitment Genius: Junior Web Designer - Client Liaison

    £6 per hour: Recruitment Genius: This is an exciting opportunity to join a gro...

    Recruitment Genius: Service Delivery Manager

    Negotiable: Recruitment Genius: A Service Delivery Manager is required to join...

    Recruitment Genius: IT Infrastructure Engineer

    £30000 - £40000 per annum: Recruitment Genius: Our client is looking to find a...

    Recruitment Genius: IT Engineer

    £21000 - £23600 per annum: Recruitment Genius: An exciting opportunity to join...

    Day In a Page

    Election 2015: How many of the Government's coalition agreement promises have been kept?

    Promises, promises

    But how many coalition agreement pledges have been kept?
    The Gaza fisherman who built his own reef - and was shot dead there by an Israeli gunboat

    The death of a Gaza fisherman

    He built his own reef, and was fatally shot there by an Israeli gunboat
    Saudi Arabia's airstrikes in Yemen are fuelling the Gulf's fire

    Saudi airstrikes are fuelling the Gulf's fire

    Arab intervention in Yemen risks entrenching Sunni-Shia divide and handing a victory to Isis, says Patrick Cockburn
    Zayn Malik's departure from One Direction shows the perils of fame in the age of social media

    The only direction Zayn could go

    We wince at the anguish of One Direction's fans, but Malik's departure shows the perils of fame in the age of social media
    Young Magician of the Year 2015: Meet the schoolgirl from Newcastle who has her heart set on being the competition's first female winner

    Spells like teen spirit

    A 16-year-old from Newcastle has set her heart on being the first female to win Young Magician of the Year. Jonathan Owen meets her
    Jonathan Anderson: If fashion is a cycle, this young man knows just how to ride it

    If fashion is a cycle, this young man knows just how to ride it

    British designer Jonathan Anderson is putting his stamp on venerable house Loewe
    Number plates scheme could provide a licence to offend in the land of the free

    Licence to offend in the land of the free

    Cash-strapped states have hit on a way of making money out of drivers that may be in collision with the First Amendment, says Rupert Cornwell
    From farm to fork: Meet the Cornish fishermen, vegetable-growers and butchers causing a stir in London's top restaurants

    From farm to fork in Cornwall

    One man is bringing together Cornwall's most accomplished growers, fishermen and butchers with London's best chefs to put the finest, freshest produce on the plates of some of the country’s best restaurants
    Don't believe the stereotype - or should you?

    Don't believe the stereotype - or should you?

    We exaggerate regional traits and turn them into jokes - and those on the receiving end are in on it too, DJ Taylor
    How to make your own Easter egg: Willie Harcourt-Cooze shares his chocolate recipes

    How to make your own Easter egg

    Willie Harcourt-Cooze talks about his love affair with 'cacao' - and creates an Easter egg especially for The Independent on Sunday
    Bill Granger recipes: Our chef declares barbecue season open with his twist on a tradtional Easter Sunday lamb lunch

    Bill Granger's twist on Easter Sunday lunch

    Next weekend, our chef plans to return to his Aussie roots by firing up the barbecue
    Joe Marler: 'It's the way I think the game should be played'

    Joe Marler: 'It's the way I think the game should be played'

    The England prop relives the highs and lows of last Saturday's remarkable afternoon of Six Nations rugby
    Cricket World Cup 2015: Has the success of the tournament spelt the end for Test matches?

    Cricket World Cup 2015

    Has the success of the tournament spelt the end for Test matches?
    The Last Word: Justin Gatlin knows the price of everything, the value of nothing

    Michael Calvin's Last Word

    Justin Gatlin knows the price of everything, the value of nothing