A german security researcher has revealed that as many as 750 million cellphones may be vulnerable to to hacking via their SIM card if it’s encrypted with DES (Data Encryption Standard) originally coded in the 1970s. Through studies on approximately 1000 sim chips and phones, Karsten Nohl of Security Research Labs demonstrated the ability to fool the older SIM chips into thinking he was authorized to access confidential data on the phone, including SMS texts, call logs as well as pay for fraudulent services via the phone. In theory, this level of access could grant an attacker the ability to compromise and steal the phone owner’s identity on top of gaining access to online bank accounts and other high-risk areas.
What this means for you:
Mr. Nohl has not revealed to the public the details of which SIM cards may suffer from this weakness and has instead been working closely with SIM card manufacturers to assist them with identifying and hopefully remediating the weakness where they can. His estimates are that as many as 3 billion cell phones use the older-generation SIM cards, but only some of those are prone to the security bug he has exploited in the above research. According to SIM manufacturers, they stopped using the older DES method back in 2008, so it’s likely that if your phone is less than 3-years old, you are probably safe from this particular exploit. If you have a phone that is older than 3-years, you should consider replacing it with a newer phone, or at minimum, see about getting a new SIM card from your carrier if you want to continue using your cellphone.
