We have seen virtually countless software and hardware flaws in smartphones over the past few years. However, until now, mobile SIM cards were considered rather secure part of any handset, safe from any hacks. Now, a German cryptographer has found a combination of encryption and software flaws which could enable SIM hacking.
According to Karsten Nohl, he has poured three years of research into this and has finally been able to demonstrate that SIM cards could be easily hacked by using a combination of flaws. The revelation is quite startling because any SIM card flaw would directly affect hundreds of millions of smartphones.
Nohl will be presenting his findings at the upcoming Black Hat hacker conference. He and his team tested out the new-found exploits in close to 1,000 handsets, being able to hack the SIM cards in nearly all cases. The process of hacking a SIM essentially hinges on a rather old security standard which has many flaws as well as code configurations that are badly done.
This allows a hacker to infect a SIM with a virus. Once the virus is in place, it is able to send out messages from the infected handset, even redirect and record calls. The infected handsets can also be used to launch a large-scale payment system fraud.
Interestingly, this flaw is not found in all the SIMs. Although the old standard is used in nearly all handsets, the bugs are random. Some SIM cards could be hacked easily while other can’t be, since they don’t carry the bug at all. And Nohl and his team have been unable to determine exactly what causes the randomness.
Once this SIM card hacking makes headlines, it will surely entice a lot of hackers who will be trying their hands on it. However, the good thing is that Nohl’s findings will enable smartphone vendors as well as the telecom giants to keep an eye on the flaw, find a solution as soon as possible and avoid any fraud perpetuated through it.