Saturday, May 15, 2021

Researchers: SIM Cards Can Be Hacked with Two Texts

While many other parts of mobile phones have been hacked, SIM cards have been free of known security vulnerabilities—until now. A security researcher says he can hack many phone SIM cards simply by sending two SMS texts.

Kevin J. O’Brien with The New York Times reported, “A German mobile security expert says he has found a flaw in the encryption technology used in some SIM cards, the chips in handsets, that could enable cyber criminals to take control of a person’s phone. Karsten Nohl, founder of Security Research Labs in Berlin, said the encryption hole allowed outsiders to obtain a SIM card’s digital key, a 56-digit sequence that opens the chip up to modification.”

eWeek quoted Nohl, who said, “We can remotely install software on a handset that operates completely independently from your phone. We can spy on you. We know your encryption keys for calls. We can read your [SMSes]. More than just spying, we can steal data from the SIM card, your mobile identity, and charge your account.”

Parmy Olson with Forbes added, “In his study, Nohl says just under a quarter of all the SIM cards he tested could be hacked, but given that encryption standards vary widely between countries, he estimates an eighth of the world’s SIM cards could be vulnerable, or about half a billion mobile devices.”

PCWorld’s Christopher Null warns, “For individuals, the risk of someone hijacking your phone and listening in on calls or making phony purchases is bad enough. For business users, these problems may soon be compounded considerably.”

Similar articles

Latest Articles

How IBM has Changed...

Think is IBM’s big annual conference, and again this year, it was digital. I’m noticing a sharp quality difference in shows like this where...

Database-Tuning Platform Launches and...

PITTSBURGH — A team out of Carnegie Mellon University is launching its automatic database-tuning product today with the help of $2.5 million in funding.   OtterTune,...

Top 10 Professional Services...

Professional services automation (PSA) software aims to offer service-based companies most of the software they will need to run their businesses in one package....

What is Data Aggregation?

Data aggregation is the process where raw data is gathered and presented in a summarized format for statistical analysis. The data may be gathered...