SIM card hack possible with a couple of text messages

Jul 22, 2013

Almost every phone in existence uses a SIM card, especially GSM-based devices. It turns out that while SIM cards are encrypted, they can easily be breached with just a couple of text messages, and it apparently takes only a couple of minutes. The hack allows someone to listen in on calls and steal mobile data from a phone.

The hack consists of disguising a text message so that it looks like it was sent from the carrier. About a quarter of the time, an error message is sent back containing information about the SIM card that can be used to break into it. After that, another text can be sent that finishes the job, allowing hackers into your phone.

Security researcher Karsten Nohl of Security Research Labs discovered the exploit and says that up to 750 million handsets could be vulnerable to the hack. However, he notes that only SIM cards using older data encryption methods are at risk, while SIM cards using the newer Triple DES encryption are safe.

Out of all the mobile phones littering the world, about half of them use SIM cards that still use the older DES encryption. However, the exploit probably won't last for long, since Nohl reported the vulnerability to the GSM Association, which plans to speak with all carriers about fixing it.

Nohl also plans to reveal his findings during the upcoming Black Hat conference. Don't worry too much, though, as Nohl believes cyber criminals haven't figured out the hack, and it would most likely take around six months for someone to figure it out. By then, carriers are hoping to have already patched the vulnerability.

VIA: New York Times

