Last month a German cryptographer by the name of Karsten Nohl claimed to have found SIM card encryption and software flaws that could potentially affect half a billion cell phone users. The two-part hack is based on an old security standard and poorly configured code, and once exploited a hacker could force a handset to send premium text messages, carry out payment system fraud or even record and redirect phone calls.
Nohl was due to demonstrate the hack at the Black Hat security conference in Las Vegas, but instead took the opportunity to announce that five wireless carriers had already come up with a fix. Interestingly, rather than going through the costly and time consuming process of replacing millions of SIM cards, it was the very flaw discovered by Nohl that enabled carriers to hack into the cards and deploy a fix to close the backdoor.
"They're adopting hacking methods to make it more secure," he said at a press conference ahead of his talk. "Abusing the Java vulnerabilities to update the card is the neatest outcome of this."
He was only able to demonstrate parts of the hack because of this. Although he didn’t specify which carriers have implemented the fix, Nohl praised their quick action, noting that some companies still have not fixed most of his other computer-bug findings from the past four years.
