Carriers rush to fix SIM card vulnerability affecting millions of users

By on August 2, 2013, 11:00 AM
security, exploit, vulnerability, sim, carriers, sim card, black hat, sim card flaw

Last month a German cryptographer by the name of Karsten Nohl claimed to have found SIM card encryption and software flaws that could potentially affect half a billion cell phone users. The two-part hack is based on an old security standard and poorly configured code, and once exploited a hacker could force a handset to send premium text messages, carry out payment system fraud or even record and redirect phone calls.

Nohl was due to demonstrate the hack at the Black Hat security conference in Las Vegas, but instead took the opportunity to announce that five wireless carriers had already come up with a fix. Interestingly, rather than going through the costly and time consuming process of replacing millions of SIM cards, it was the very flaw discovered by Nohl that enabled carriers to hack into the cards and deploy a fix to close the backdoor.

"They're adopting hacking methods to make it more secure," he said at a press conference ahead of his talk. "Abusing the Java vulnerabilities to update the card is the neatest outcome of this."

He was only able to demonstrate parts of the hack because of this. Although he didn’t specify which carriers have implemented the fix, Nohl praised their quick action, noting that some companies still have not fixed most of his other computer-bug findings from the past four years.




User Comments: 4

Got something to say? Post a comment
jobeard jobeard, TS Ambassador, said:

I believe this attack succeeds only on a GSM phone which is unlocked.

tonylukac said:

My brother has had a samsung android phone for at least a year and they never updated it yet.

cliffordcooley cliffordcooley, TechSpot Paladin, said:

Interestingly, rather than going through the costly and time consuming process of replacing millions of SIM cards, it was the very flaw discovered by Nohl that enabled carriers to hack into the cards and deploy a fix to close the backdoor.
Does anyone actually think this backdoor was not intentional? Does anyone actually believe they closed the backdoor? Now for the ultimate question, who here thinks this backdoor is government related?

tipstir tipstir, TS Ambassador, said:

More protection to sell. Once we didn't need AV then all of a sudden we did. Your going to have to buy something for your SIM protection. Just a matter of time.

Load all comments...

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.