UN Issues Warning as Smartphone SIM Cards Can Now Be Hacked, About 750 Million Global Users At Risk
By Esther Tanquintic-Misa | July 22, 2013 4:11 PM EST
The United Nations has issued a warning to all 750 million smartphone users around the world to be wary of the removable SIM card on their smartphones. A German research firm has discovered a flaw in the old encryption technology used to make the device operational, enough to make it susceptible to the illegal activities of hackers.
Karsten Nohl, a German researcher and founder of Berlin's Security Research Labs, has found a way to maneuver into a SIM's 56-bit data encryption standard (DES) digital key, which later on enabled him to covertly send and install a virus through a secret text message.
What's further creepy is that the fake carrier message prompts an automated response from 25 per cent of DES-based SIMs, thus revealing a card's 56-bit security key.
Mr Nohl said it only took him two minutes to perform and complete the hack. The consequences of the irregularity, when placed in the wrong hands, could be massive.
"These findings show us where we could be heading in terms of cybersecurity risks," Hamadoun Touré, secretary general of UN's Geneva-based International Telecommunications Union, said.
The GSMA, which represents nearly 800 mobile operators worldwide, said it had also reviewed the research.
"We have been able to consider the implications and provide guidance to those network operators and SIM vendors that may be impacted," Claire Cranton, GSMA spokeswoman, said.
Once a SIM card is penetrated, only the attacker knows how much fun can be done with the victimized device and its owner. Apart from snooting on texts, the attacker can even listen in on calls, use the card for fraud and tamper with it to send messages to premium message services.
"We can remotely install software on a handset that operates completely independently from your phone," the New York Times quoted the German researcher as saying.
"We can spy on you. We know your encryption keys for calls. We can read your SMS's. More than just spying, we can steal data from the SIM card, your mobile identity, and charge to your account."
Although more carriers have migrated to the stronger, triple-DES encryption methods, Mr Nohl said there are over three billion users who still use the DES-based SIM cards.
Using just a regular PC, Mr Nohl sent out fake messages pretending to be from the mobile carrier containing a false signature. Almost most of the smartphones with DES were able to correctly flag the fake signature and terminated the communication, still a number sent a message back, including its encrypted digital signature.
To report problems or to leave feedback about this article, e-mail:
To contact the editor, e-mail:
Most Popular Slideshows
- Real Life ‘Frozen’: Snow Overwhelms The US, Kills 7; More To Come (Pictures)
- Angelina Jolie, Brad Pitt in Sydney for ‘Unbroken’ Red Carpet Premiere [PHOTOS]
- ‘The Walking Dead’ Season 5, Episode 8 Spoilers: Daryl Dixon Is Set To Burn The Place Down in ‘Coda’
- G20 Summit Awkward Moments: Putin Yawns, Mystery Bubbles Appear, F18 Drama Ensues
Join the Conversation
- Air Canada Expands Vancouver Boeing 787 Dreamliners To Beijing, Seoul, Shanghai, Tokyo-Narita Routes
- Canada Consumer Alert: Tim Hortons Prices Of Coffee, Sandwiches To Go Up Effective Nov 26
- Doomsday Seed Vault Safeguards More Marijuana Seeds
- Product Recall: Graco Recalls Baby Strollers in Canada, U.S. Due To Amputation Risks
- Travel Alert: Malaysia’s AirAsia Cuts Number Of Australian Flights
- US Plane Flying Over Russian Skies Spotted; Vladimir Putin Ready For 'Practical Cooperation' With US
- Nexus 6 Release Date And Price Under AT&T, T-Mobile And Sprint Listed
- Black Friday 2014 Sale: Top Deals On Game Consoles Xbox One, PS4, Nintendo Wii U And More
- Cold War 2: Russia, China And North Korea’s Blacklisted Company Fortify Alliance -- Reports