The SIM was one of the few common things in tech that were considered impossible to hack. Until now. Karsten Nohl of Security Research Labs (based in Germany) has found a way past the 56-digit unique code, using a simple process that leaves an estimated 750 million SIM cards at risk.
The research was done on 1000 SIM cards, and only the ones using the old DES (Data Encryption Standard) were found vulnerable. Cracking them is super-easy and takes just 2 minutes. A message disguised as coming from the carrier is sent to the target SIM card. In response, a message is received containing the information needed to find a way past the 56-digit code or the digital key, which can allow the hacker to take control of the target SIM.
After getting this information and taking control, the intruder can easily listen to your calls, send text messages and, in short, have control over every form of data on your SIM card.
Mr. Nohl said:
“We can spy on you. We know your encryption keys for calls. We can read your S.M.S.’s. More than just spying, we can steal data from the SIM card, your mobile identity, and charge to your account.”
In all, about 25% of the SIM cards which were tested were found susceptible to such penetration. Newer technologies like NFC might be at risk too.
D.E.S. encryption, which is vulnerable to such hacks, is used on about half of the roughly six billion cellphones. Over the past decade, most operators have adopted a stronger encryption method, called Triple D.E.S., but many SIM cards still run the old standard.
The GSM Association hasn’t confirmed this yet, as it will investigate the case first. But if it is true, it will pose serious threats to people who use their SIM cards for purposes far more complex than calling and texting, namely mobile payments.