SIM card flaw could put nearly half a billion phones at risk

Shawn Knight

Posts: 13,002   +130
Staff member
Smartphones have been the target of countless hacking attempts although there has always been one part of the phone that remained foolproof – the SIM card. That unfortunately is no longer the case as a German cryptographer by the name...



Posts: 1,086   +675
Very interesting development here. Mobile phone security is really lacking at the moment.


Well, if this happens with a SIM card... what should we expect about the chip on a credit card?


The risk analysis is total bullshit. Does anyone have access to all the SIMs in the field? NO, only MNOs have that. A vulnerability in a SIM is only effective in cracking one SIM physically at a time. For it to be risky, you need to be the network operator to run a massive campaign to crack the cards. However, as the operator, they should already have the secret codes of these SIMs. So, what is there to hack for the operator?

In a nutshell, we should only panic if telco operator networks are hacked. Then, something really serious can happen. Hacking one SIM at a time is laughable especially with the high chunk rate. Readers that got so scared, think again.

The credit cards have their own standardizations as well. Enforced by the banks and master / visa as well. So, naive to think a telecom vulnerability can somehow equate to credit cards as well.

Darth Shiv

Posts: 2,142   +741
Contact and contactless chips are an entirely different kettle of fish. The original MIFARE cards had retarded security. Non-existent. Newer ones are better but not sure if they have solved the obvious issues.


Posts: 367   +108
... a two-part flaw that is based on an old security standard and poorly configured code...

Yet it took him and his team three years (after 1000 SIM cards) to find it, and only 1 in 4 can be hacked by this flaw? That is pretty good in my book. Now Mr. Nohl, please do us all a big favor and keep this flaw to yourself because no hacker will spend 3-5 years looking for this flaw. They have easier targets to exploit and that is enough headache for all of us.