UN Issues Warning as Smartphone SIM Cards Can Now Be Hacked, About 750 Million Global Users At Risk
By Esther Tanquintic-Misa | July 22, 2013 4:11 PM EST
The United Nations has issued a warning to all 750 million smartphone users around the world to be wary of the removable SIM card on their smartphones. A German research firm has discovered a flaw in the old encryption technology used to make the device operational, enough to make it susceptible to the illegal activities of hackers.
Karsten Nohl, a German researcher and founder of Berlin's Security Research Labs, has found a way to maneuver into a SIM's 56-bit data encryption standard (DES) digital key, which later on enabled him to covertly send and install a virus through a secret text message.
What's further creepy is that the fake carrier message prompts an automated response from 25 per cent of DES-based SIMs, thus revealing a card's 56-bit security key.
Mr Nohl said it only took him two minutes to perform and complete the hack. The consequences of the irregularity, when placed in the wrong hands, could be massive.
"These findings show us where we could be heading in terms of cybersecurity risks," Hamadoun Touré, secretary general of UN's Geneva-based International Telecommunications Union, said.
The GSMA, which represents nearly 800 mobile operators worldwide, said it had also reviewed the research.
"We have been able to consider the implications and provide guidance to those network operators and SIM vendors that may be impacted," Claire Cranton, GSMA spokeswoman, said.
Once a SIM card is penetrated, only the attacker knows how much fun can be done with the victimized device and its owner. Apart from snooting on texts, the attacker can even listen in on calls, use the card for fraud and tamper with it to send messages to premium message services.
"We can remotely install software on a handset that operates completely independently from your phone," the New York Times quoted the German researcher as saying.
"We can spy on you. We know your encryption keys for calls. We can read your SMS's. More than just spying, we can steal data from the SIM card, your mobile identity, and charge to your account."
Although more carriers have migrated to the stronger, triple-DES encryption methods, Mr Nohl said there are over three billion users who still use the DES-based SIM cards.
Using just a regular PC, Mr Nohl sent out fake messages pretending to be from the mobile carrier containing a false signature. Almost most of the smartphones with DES were able to correctly flag the fake signature and terminated the communication, still a number sent a message back, including its encrypted digital signature.
To report problems or to leave feedback about this article, e-mail:
To contact the editor, e-mail:
Most Popular Slideshows
- Prince William & Kate Middleton Caught Flirting In A Countryside Dinner Date [PHOTOS]
- Kate Middleton’s Mom Accused Of Being A Social Climber, Prince George Not Seen By Relatives
- Prince William & Kate Middleton Boards London Train in Casual Disguise, Royal Couple’s Incognito Plan A Huge Hit [PHOTOS]
- Angelina Jolie & Brad Pitt’s Top Secret Wedding Tramps Jennifer Aniston’s ‘Friends’ Reunion & Pregnancy Talks [PHOTOS]
Join the Conversation
- 5.5-Inch iPhone 6 is iPhone Air on Sept 19 Release Date: 5 Things to Consider Before Buying
- Pricey iPhone 6 on Release Date Likely but with 3X Retina Resolution & Mobile Payment Service – Reports
- Nexus 6 Release Date Update: Moto X+1 Look Leaked, Nexus X or Shamu Moved to Demo Phase
- Google Nexus 8 Confirmed as HTC T1 aka Volantis/Flounder with Freshly-Leaked Specs & Features – Reports
- Europe, US Next on ISIS’ Hit List, Says Saudi King; Seized ISIS Laptop Reveals Terrifying Bio-Warfare Plans
- iPhone 6 On Release Date To Feature Qualcomm MDM9625M LTE, 1GB RAM, Mobile Payment Deal With AMEX, 1334x750 Display
- HTC One M8 for Windows Vs. Nokia Lumia Icon, The Battle Of Windows Phones