While many other parts of mobile phones have been hacked, SIM cards have been free of known security vulnerabilities—until now. A security researcher says he can hack many phone SIM cards simply by sending two SMS texts.
Kevin J. O’Brien with The New York Times reported, "A German mobile security expert says he has found a flaw in the encryption technology used in some SIM cards, the chips in handsets, that could enable cyber criminals to take control of a person’s phone. Karsten Nohl, founder of Security Research Labs in Berlin, said the encryption hole allowed outsiders to obtain a SIM card’s digital key, a 56-digit sequence that opens the chip up to modification."
eWeek quoted Nohl, who said, "We can remotely install software on a handset that operates completely independently from your phone. We can spy on you. We know your encryption keys for calls. We can read your [SMSes]. More than just spying, we can steal data from the SIM card, your mobile identity, and charge your account."
Parmy Olson with Forbes added, "In his study, Nohl says just under a quarter of all the SIM cards he tested could be hacked, but given that encryption standards vary widely between countries, he estimates an eighth of the world’s SIM cards could be vulnerable, or about half a billion mobile devices."
PCWorld's Christopher Null warns, "For individuals, the risk of someone hijacking your phone and listening in on calls or making phony purchases is bad enough. For business users, these problems may soon be compounded considerably."