SIM “security flaws” put millions at risk of hack attack


One in eight SIM cards may be at risk, according to German security expert

As many as half a billion SIM cards may be susceptible to a flaw which hackers could exploit to spy or steal.

Security Research Labs cryptographer Karsten Nohl claims he has discovered a method of revealing SIMs’ digital keys through hidden text messages. His findings could affect users globally, regardless of what operating system they use.

Nohl said that he could discover a SIM authentication code by sending a device a text which masquerades as a message from the user’s operator.

Although many would recognise the fake, around a quarter would send back error messages which included an encrypted version of the SIM authentication code.

Of those that sent the code, around a quarter relied on a 1970s coding system which could be cracked “within two minutes”.

Once the attacker had the information, they could upload malware to the SIM. This could be used by the hacker to send text messages from the device to premium rate numbers that had been set up, enabling them to listen to a person’s voicemail and track their location.

Industry organisation the GSMA said that “a minority of SIMs produced against older standards could be vulnerable”, but added that it had already provided guidance to network operators and SIM vendors who could be affected.

Nohl is set to reveal more of his research at the Black Hat security conference in Las Vegas on July 31.