Click to Skip Ad
Closing in...

Major SIM card security flaw puts hundreds of millions of devices at risk

Published Jul 22nd, 2013 6:35PM EDT
BGR

If you buy through a BGR link, we may earn an affiliate commission, helping support our expert product labs.

A security researcher in Germany claims to have discovered an encryption flaw in SIM cards that allow a user’s cell phone to be hacked in mere minutes, The New York Times reported. Mobile security expert Karsten Nohl noted that an encryption hole allows unauthorized users to obtain a SIM card’s digital key by sending a text message to a device that is disguised as a carrier message. With access to the digital key, Nohl is able to send a virus to a cell phone’s SIM card with a second text message. He added that the virus allows him to listen to phone calls, make mobile purchases and even “impersonate the cell phone’s owner.”

Nohl claims the entire process takes less than two minutes to complete and he estimates that the vulnerability could affect as many as 750 million devices worldwide. The flaw was discovered in SIM cards using an older encryption method known as data encryption standard, which is used in about half of all cell phones currently being used around the world.

The researcher explained that three-quarters of messages sent to D.E.S. encrypted mobile phones were recognized as false by the SIM card. He noted, however, that a quarter of devices sent an error message back that included information allowing him to obtain the SIM card’s digital key.

Dan joins the BGR team as the Android Editor, covering all things relating to Google’s premiere operating system. His work has appeared on Fox News, Fox Business and Yahoo News, among other publications. When he isn’t testing the latest devices or apps, he can be found enjoying the sights and sounds of New York City.