Cryptographer reveals sim card bug that puts million phones at hacking risk

A German cryptographer publically revealed the sim card flaw that leaves million of phones vulnerable to hacking at the Hackers` convention called Black Hat in Las Vegas.

Updated: Aug 02, 2013, 13:48 PM IST

London: A German cryptographer publically revealed the sim card flaw that leaves million of phones vulnerable to hacking at the Hackers` convention called Black Hat in Las Vegas.

According to the Guardian, Karsten Nohl revealed his findings at the convention and said that the flaw allowed hackers to obtain a sim card`s digital key, a 56-digit sequence that exposes the chip to manipulation making the attacker able to redirect calls, rewrite numbers, listen in on calls and also potentially make a payment fraud remotely controlling the phone.

The bug was discovered by him at a German firm Security Research Labs which affected 500 million mobile phones as the old encryption technology ,DES, is used in one out of eight devices around the world.

Nohl has notified the GSM Association earlier this year to give manufacturers and operators time to start plugging the encryption hole before demonstrating his findings at the convention.

He had found that mobile users in Africa could be among the most at risk because banking is widely done through mobile payment systems with credentials stored on SIMs.

Nohl said that some companies had responded `extremely fast` and begun patching the vulnerability and believed that even slower ones would have sufficient headstart on criminals, who would need at least six months to exploit the bug.

The report added that several manufacturers and operators confirmed to the New York Times and Forbes that they were investigating Nohl`s findings and were confident modern sim cards were secure.

ANI