Security Flaw On SIM Cards May Expose Users To Identity Theft

A security vulnerability in the encryption technology used in some SIM cards was recently discovered by German cryptographer Karsten Nohl and puts millions of users at risk to identity theft. According to Nohl, the exploit allows a person to gain access to a SIM Card’s digital key, a 56-digit sequence that opens the chip up to modification. Using the key, a person can send a virus to the SIM…

• Affects millions of users
• Approx. 2 minutes to hack
• Data Encryption Standards

A security vulnerability in the encryption technology used in some SIM cards was recently discovered by German cryptographer Karsten Nohl and puts millions of users at risk to identity theft.

According to Nohl, the exploit allows a person to gain access to a SIM Card’s digital key, a 56-digit sequence that opens the chip up to modification. Using the key, a person can send a virus to the SIM card through a text message and lets him eavesdrop on calls, make purchases through mobile payment systems and even impersonate the owner of the phone.

Nohl estimates that an eighth of the world’s SIM cards could be affected, or about half a billion devices. Specifically, SIM cards that use the Data Encryption Standards (DES) security encryption are the most vulnerable. Nohl also adds that the exploit can be done in a matter of minutes using a simple personal computer.

Nohl and his firm Security Research Labs have already submitted their report to the GSM Association in London and plan to present the full details of his findings at the Black Hat Conference in Las Vegas on July 27 to August 1.