'We can spy on you,' says mobile expert who can hack SIMs with texts
21st Jul 2013 | 16:24
SIM vulnerabilities exposed by SMS virus
A mobile security expert in Germany claims to have discovered a flaw in mobile SIM encryption technology that allows him to hack it to a phone, eavesdrop on calls and even make mobile payments.
Karsten Nohl, founder of Security Research Labs in Berlin, said he has been able to obtain the 56-digit digital key which allows SIM data to be modified, simply by sending a virus to the device via text message.
Nohl told the New York Times that it took just two minutes to complete the hack and estimated that upto 750m mobile users would be vulnerable to the attack if the method was uncovered by malicious parties.
He told the 'paper: "We can remotely install software on a handset that operates completely independently from your phone."
"We can spy on you. We know your encryption keys for calls. We can read your SMS's. More than just spying, we can steal data from the SIM card, your mobile identity, and charge to your account."
Nohl has reported the findings of his study to the GSM Association and will present the research in full on August 1 at the Black Hat computer hackers' conference in Las Vegas.
He has also advised chip makers to improve their technology in order to block the messages he was able to send to infiltrate devices.
A spokesperson for the GSM Association responded: "We have been able to consider the implications and provide guidance to those network operators and SIM vendors that may be impacted."