Researcher says up to 750M phones may be vulnerable to SIM card security flaw

A German security researcher has discovered what he says is a large security flaw in mobile SIM cards, which could be leaving as many as 750 million phones worldwide vulnerable to attack. Karsten Nohl, founder of Security Research Labs in Berlin, told the New York Times that hackers could gain access to a SIM card's 56-digit digital key, which would let them send a virus through a text message that could allow a hacker to eavesdrop on a caller and make purchases through mobile payment systems. The flaw is derived from an old encryption method developed in the 1970s called data encryption standard, or D.E.S., and although most carriers have moved to a stronger encryption method, called Triple D.E.S., many SIM cards still use the older standard. Nohl tested around 1,000 SIM cards on mobile phones running on mobile networks in Europe and North America over a two-year period. The flaw was exposed to the GSMA. "We have been able to consider the implications and provide guidance to those network operators and SIM vendors that may be impacted," GSMA spokeswoman Claire Cranton told Reuters. The United Nations' International Telecommunications Union has also reviewed the research. Article