Thought your mobile phone SIM card is an un-hackable nutshell? Well, you might have to rethink about it because it is now officially “breakable.”
A German researcher, Karstetn Nohl from Security research Labs revealed the hole of GSM encryption. Hackers can remotely break into some outdated DES (Date Encryption Standard) SIM cards and access your personal data with just a personal computer less than 2 minute.
“Give me any phone number and there is some chance I will, a few minutes later, be able to remotely control this SIM card and even make a copy of it,” Nohl said to Forbes.
With only a couple fake text messages sending to your phone that claims coming from a carrier, there is quarter chance that you will receive an error message back containing a set of 56-bit digital key from DES SIM card. With the code, hackers can send malware to the SIM card via text message. From then on, the hacker can monitor the phone calls, hijacks the data and identity on the phone.
Up to 750 million SIM cards could be hacked. Fortunately, many wireless carriers now adapt the newer and more secure triple DES SIM card. GSMA (Global System for Mobile Association) has already notified the security flaw to the SIM card manufactures and vendors. Experts are now striving to find out the optimal solution for the breach. Nohl will give more detail about the research process in the Black Hat conference in Las Vegas on August 1st.
He suggests the industry to take action on such matter and gradually phase out the SIM cards to eliminate the security vulnerability. Consumers using SIM cards more than 3 years old ideally should request for a new card.