750 million phones under threat after SIM encryption flaw found
A flaw has been found in SIM card encryption that could mean around 750 million phones are now vulnerable to attacks
A mobile security expert has reportedly found a flaw in some SIM cards that could allow hackers to obtain a SIM card's digital key and takeover the phone, The New York Times reports.
Karsten Nohl, founder of Security Research Labs in Berlin, tested the encryption hole and uncovered that he was allowed to send a virus to the SIM card via. SMS, which let him listen to the caller, make mobile payments and impersonate the owner.
SIM cards with D.E.S - data encryption standard - are those that could be affected by the encryption flaw and an estimated 750 million SIM cards could be vulnerable for attack.
Mr. Nohl reportedly said that around one-quarter of DES SIM cards showed the flaw.
The past decade has seen DES replaced by Triple DES, but around half of around six billion phones used daily still run on the old method.
Claire Cranton, a spokeswoman from GSM Association in London states, "We have been able to consider the implications and provide guidance to those network operators and SIM vendors that may be impacted," The NY Times reports.
Mr. Nohl has also advised better filtering technology to block the virus messages he sent and advised a phase out of the DES SIM card.
Source: The New York Times