Last month, it was discovered that a couple of text messages can easily breach into a phone’s SIM card and get access to phone calls and other text messages without the user’s permission. However, in a brilliant move by wireless carriers, they were able to patch up the exploit without replacing millions of SIM cards.
Security researcher Karsten Nohl of Security Research Labs discovered the exploit and said that up to 750 million handsets could’ve been vulnerable to the hack, noting that SIM cards using older data encryption methods were at risk. However, instead of replacing all these SIM cards and mailing new ones out with the new encryption, carriers were able to hack into the SIM cards themselves in order patch them up remotely.
Nohl was scheduled to demonstrate his SIM card hack earlier this week at the Black Hat computer security conference in Las Vegas, but instead, he announced that five wireless carriers had rushed to push out updates that patched the issue. Because of this, he was only able to demonstrate segments of the hack, and he didn’t name the carriers who fixed it.
Nohl also praised the carriers’ quick response to the hack, and he hopes that more carriers will jump on board in the near future to fix their SIM cards. Physically replacing millions of SIM cards would’ve been an expensive and painstaking task by carriers, but instead, they took advantage of the same Java vulnerability that Nohl found and used it to hack into their own SIM cards and patch the exploit.
SIM cards using the newer Triple DES encryption are safe, but out of all the mobile phones littering the world, about half of them use SIM cards that still use the older DES encryption. However, it seems like everything is getting back into order, as carriers are acting quick to fix any hacks that come their way.