A flaw in the encryption technology used by some SIM cards in mobile devices can be exploited to remotely take control of the device and to clone certain mobile SIM cards, says German research firm Security Research Labs. In a recent interview with the media, Karsten Nohl, the head of Berlin-based Security Research Labs, who led the research team, said the flaw would allow attackers to send spoofed text messages to obtain the 56-bit Data Encryption Standard (DES) key used by the targeted phone's SIM card. With the key in hand, attackers would be able to install malicious software and perform other nefarious operations on the device.
He added that his firm would disclose the full details at the Black Hat hacking conference that is slated to open in Las Vegas on July 31. About half of the SIM cards in use today still rely on the older DES encryption rather than the newer and more secure triple-DES, said Mr. Nohl, adding that the industry should use better filtering technology to block spoofed messages and should phase out SIM cards using DES. Consumers using SIM cards more than three years old should request new cards (likely using triple-DES) from their carriers, he recommended.
"Give me any phone number and there is some chance I will, a few minutes later, be able to remotely control this SIM card and even make a copy of it," Mr. Nohl told the media. "With the SIM encryption key in hand, I can send another text message to install software on the targeted phone to perform a wide range of malicious activities, including reading SMS, sending out text messages to premium-rate numbers, eavesdropping on calls, re-directing incoming calls to other numbers, or even carrying out payment system fraud," he claimed.
The International Telecommunication Union, a United Nations group, said the research was "hugely significant," and that the group will be notifying telecommunications regulators and other government agencies in nearly 200 countries. The ITU will also reach out to mobile companies, academics and other industry experts. The GSM Association, a mobile industry group based in London, which represents nearly 800 mobile operators worldwide, said it had already notified network operators and SIM vendors who could be affected. Nicole Smith, a spokeswoman for Gemalto NV, the world's biggest maker of SIM cards, said her company supported GSMA's response.
"A minority of SIMs produced against older standards could be vulnerable," said the group's spokesperson. With the information about the vulnerability now public, cybercriminals will likely take at least six months to crack the flaw, Mr. Nohl said. This will give wireless carriers sufficient time to implement the fixes. Mobile phone users in Africa could be among the most vulnerable because banking is widely done via mobile payment systems with credentials stored on SIMs. All types of phones are vulnerable, including iPhones from Apple, phones that run Google's Android software and BlackBerry smartphones, he said.