Set to present his (and his team’s) findings at the Black Hat Security Conference to be held in Las Vegas on July 31, German cryptographer, Karsten Nohl, claims that he has found a vulnerability in the basic make-up of the subscriber identification module (SIM) card, that most carriers issue as standard with the purchase of a smartphone, adding that the exploit (if used) could affect “millions” of smartphone owners.
According to the report:
“The two-part flaw, based on an old security standard and badly configured code, could allow hackers to remotely infect a SIM [card] with a virus that sends premium text messages (draining a mobile phone bill), surreptitiously re-direct and record calls, and — with the right combination of bugs — carry out payment system fraud.”
But the discovered vulnerability does not appear to be exclusive to one type of SIM card. Instead, Nohl suggests that different shipments of SIM cards “either have [the bug], or [don't].”
“In his study, Nohl says just under a quarter of all the SIM cards he tested could be hacked, but given that encryption standards vary widely between countries, an eighth of the world’s SIM cards could be vulnerable, or about half a billion mobile devices,” Parmy Olson writes for Forbes.
Perhaps more concerning, though, is Nohl’s claim that the new vulnerability only requires the “hacker” to know the phone number of the victim, and (of course) have a little time on their hands, to successfully implement the exploit.
“Give me any phone number and there is some chance I will, a few minutes later, be able to remotely control this SIM card and even make a copy of it,” Nohl says.
You can read the full report at Forbes.
/ Image Credit: Luca Melette (Forbes)