Researcher says up to 750M phones may be vulnerable to SIM card security flaw

A German security researcher has discovered what he says is a large security flaw in mobile SIM cards, which could be leaving as many as 750 million phones worldwide vulnerable to attack. Karsten Nohl, founder of Security Research Labs in Berlin, told the New York Times that hackers could gain access to a SIM card's 56-digit digital key, which would let them send a virus through a text message that could allow a hacker to eavesdrop on a caller and make purchases through mobile payment systems. The flaw is derived from an old encryption method developed in the 1970s called data encryption standard, or D.E.S., and although most carriers have moved to a stronger encryption method, called Triple D.E.S., many SIM cards still use the older standard. Nohl tested around 1,000 SIM cards on mobile phones running on mobile networks in Europe and North America over a two-year period. The flaw was exposed to the GSMA. "We have been able to consider the implications and provide guidance to those network operators and SIM vendors that may be impacted," GSMA spokeswoman Claire Cranton told Reuters. The United Nations' International Telecommunications Union has also reviewed the research. Article


Like this story? Subscribe to FierceWireless!

The Wireless industry is an ever-changing world where big ideas come along daily. Our subscribers rely on FierceWireless as their must-read source for the latest news, analysis and data on this increasingly competitive marketplace. Sign up today to get wireless news and updates delivered to your inbox and read on the go.

Suggested Articles

AT&T has shifted its Cricket prepaid brand to a 100% authorized retailer model, according to Wave7 Research.

The FCC decided to extend the timeline for responding to Huawei's application for review until December 11.

All operators are trying to understand the intersection between their networks and hyperscale networks. But who gets the lion's share of the revenue?