Millions of Phones Could Be Vulnerable to This SIM Card Hack

By Lily Newman on at

A German cryptographer claims to have hacked a SIM card. It's never been done before (as far as we know), so it's kind of a big deal and shows that millions of phones are potentially vulnerable from hack-by-SMS.

The founder of Security Research Labs in Berlin, Karsten Nohl, studied the encryption methods used in thousands of SIM cards to figure out how a hacker could find the card's unique 56-digit access key. The vulnerability he discovered could impact as many as 750 million phones and would open them to call surveillance, fraudulent purchases and even a type of identity theft. Nohl told Forbes:

Give me any phone number and there is some chance I will, a few minutes later, be able to remotely control this SIM card and even make a copy of it.

In addition to compromising access keys, Nohl discovered a flaw in the "sandboxing" technique that keeps sensitive data separate on SIM cards. By sending a binary SMS to a number of phones, he can collect data that will eventually allow him to break through the encryption on some of the phones. Each vulnerability Nohl identified only applies to certain SIM cards, but in the wrong hands they could endanger a large percentage of the SIM cards in use across the world right now.

Though Nohl isn't officially presenting his findings until the Black Hat security conference in Las Vegas on July 30, he did share them with the GSM Association. A spokeswoman, Claire Cranton, told the New York Times:

We have been able to consider the implications and provide guidance to those network operators and SIM vendors that may be impacted.

Definitely sounds like they're on it, and totally trust enormous mobile providers like Vodafone and EE to act quickly and nimbly in resolving this issue. Or, you know, not. [Forbes, NYTimes]

Image credit: SIM from Shutterstock