Sim cards hacked: A single text that unlocks millions of mobiles

New vulnerability identified by mobile security experts blamed on 1970s encryption standards

Millions of mobile phones could be at risk from hackers according to new research identifying vulnerabilities in the encryption used by Sim cards. Just by sending a specially designed text, security analysts were able to remotely download malware onto handsets.

Although often thought of as just providing a mobile phone’s number, Sim cards (the name stands for subscriber identity module) also frequently store users’ personal data and are the mark by which carriers authenticate individual users.

“With over seven billion cards in active use, Sims may well be the most widely used security token in the world,” says German security expert Karsten Nohl, the individual responsible for uncovering the flaw.

“The cards protect the mobile identity of subscribers, associate devices with phone numbers, and increasingly store payment credentials, for example in NFC-enabled phones with mobile wallets.”

Nohl’s research covered the different encryption systems used to secure Sim cards, and singled out one standard, DES (Data Encryption Standard), as particularly insecure.

Dating back to the 1970s, DES has long been considered insecure, with Nohl’s method allowing the encryption to be cracked “within two minutes on a standard computer”.

By sending a text containing a specially designed binary code, Nohl was able to trick phones into authenticating him as their network provider.

Once this protocol had been established, Nohl could then remotely download software onto the phone, allowing him to send texts, access voicemail and even receive reports on the phone’s physical location.

“These capabilities alone provide plenty of potential for abuse,” said Nohl. “This allows for remote cloning of possibly millions of SIM cards including their mobile identity (IMSI, Ki) as well as payment credentials stored on the card.”

Speaking to the BBC, Nohl suggested that about one in eight of all Sim cards are vulnerable to the hack, and that Africa-based users were particularly at risk. He did, however, say that network operators would be quick to secure their software.

Nohl will give full details of his method at a Black Hat security conference on July 31st, but has already provided industry body GSMA with all of his research.

“Karsten’s early disclosure to the GSMA has given us an opportunity for preliminary analysis,” said a GSMA spokeswoman. “It would appear that a minority of Sims produced against older standards could be vulnerable.”

“There is no evidence to suggest that today’s more secure Sims, which are used to support a range of advanced services, will be affected.”
