A security researcher in Germany claims to have discovered an encryption flaw in SIM cards that allow a user’s cell phone to be hacked in mere minutes, The New York Times reported. Mobile security expert Karsten Nohl noted that an encryption hole allows unauthorized users to obtain a SIM card’s digital key by sending a text message to a device that is disguised as a carrier message. With access to the digital key, Nohl is able to send a virus to a cell phone’s SIM card with a second text message. He added that the virus allows him to listen to phone calls, make mobile purchases and even “impersonate the cell phone’s owner.”
Nohl claims the entire process takes less than two minutes to complete and he estimates that the vulnerability could affect as many as 750 million devices worldwide. The flaw was discovered in SIM cards using an older encryption method known as data encryption standard, which is used in about half of all cell phones currently being used around the world.
The researcher explained that three-quarters of messages sent to D.E.S. encrypted mobile phones were recognized as false by the SIM card. He noted, however, that a quarter of devices sent an error message back that included information allowing him to obtain the SIM card’s digital key.