The encryption used in some SIM cards could allow hackers to take control of your smartphone remotely, according to a security researcher, and a report from The New York Times.
The flaw in question is found in SIM cards using DES (Data Encryption Standard) for encryption, which is an older standard that is slowly being phased out by most manufacturers, but the point is that it is still baked into hundreds of millions of SIMs across the world. The founder of German firm, Security Research Labs, Karsten Nohl, found that sending a fake carrier message to a phone prompted an automated response from 25% of DES-based SIMs, which revealed the cards' 56-bit security key.
If a hacker has that key, they can send a virus to the SIM with a text message. This virus allows a hacker to impersonate the phone's owner, where they can access text messages, and even make carrier payments. Nohl says that the entire procedure takes "about two minutes" and only requires a regular PC.
Nohl estimates that 750 million SIM cards across the world are vulnerable, with over 3 billion DES-based SIM cards in use across the world. More and more carriers are opting for the stronger, triple-DES encryption methods, which don't fall for this seemingly easy hack. AES is also slowly replacing DES as the standard encryption method on SIM cards.
Last updated: Mar 2, 2014 at 12:00 am CST
- Twitter flaw: 17 million phone numbers matched to respective accounts
- Xmas Deals at GoodOffer24: Extra 20% OFF Antivirus + FREE Windows 10
- Next-gen console exclusives will be few and far between through 2021
- Coronavirus is on your phone, here's how you can clean it properly
- Pokemon Sword and Shield sold 16 million copies in one month
- > NEXT STORY: Sony Xperia Z Ultra will launch for $799 in Hong Kong next week
- < PREVIOUS STORY: Jack The Giant Slayer sprouts to life in our Blu-ray competition