The encryption used in some SIM cards could allow hackers to take control of your smartphone remotely, according to a security researcher and a report from The New York Times.
The flaw is found in SIM cards that use DES (Data Encryption Standard) for encryption, an older standard that most manufacturers are slowly phasing out but that is still baked into hundreds of millions of SIMs across the world. Karsten Nohl, founder of the German firm Security Research Labs, found that sending a fake carrier message to a phone prompted an automated response from 25% of DES-based SIMs, and that response revealed the card's 56-bit security key.
If a hacker has that key, they can send a virus to the SIM with a text message. This virus allows the hacker to impersonate the phone's owner, access text messages, and even make carrier payments. Nohl says that the entire procedure takes "about two minutes" and requires only a regular PC.
Nohl estimates that 750 million SIM cards are vulnerable, with over 3 billion DES-based SIM cards in use across the world. More and more carriers are opting for the stronger triple-DES encryption, which is not susceptible to this seemingly easy hack. AES is also slowly replacing DES as the standard encryption method on SIM cards.