We’re used to hearing about the odd smartphone security flaw by now, but this latest one potentially leaves your SIM card at risk of being exploited, which could leave you footing the bill for a fraudster’s misdeeds.
After three years of research, German cryptographer Karsten Nohl has found encryption and software flaws that could affect millions of SIM cards. His team tested nearly a thousand SIM cards, and found that a quarter of them could be exploited. However, given that encryption standards vary between countries, Nohl estimates that around an eighth of the world’s SIM cards could be vulnerable, which works out to about half a billion mobile devices.
Vulnerable Digital Encryption Standard SIM cards can be exploited by an attacker sending a command to your phone requesting some data. However, at first the SIM rejects the request as the attacker doesn’t have the correct encryption, but sends back an error code carrying its own encrypted 56-bit private key.
This encryption key can then be easily looked up using a mathematical “rainbow table”, it only took Nohl’s team two minutes to crack it. Once the attacker has the key, they can then send premium text messages, re-direct and record calls, carry out payment system fraud, and even clone details stored on the SIM.
But don’t worry too much, remember that it took three years of dedicated research for Nohl to discover this problem, so it’s highly unlikely that anyone else is currently using the exploit. We’ll keep you updated with any further developments, hopefully the carrier industry will address the problem soon.