You might feel safe with your phone in your pocket, but that doesn’t mean the device is safe from prying eyes. One researcher from Security Research Labs recently found that he and his team were able to compromise a mobile device using the SIM card in just two minutes by sending a special message to a cell phone with older encryption. The problem lies in the security on the SIM cards, which lead researcher Karsten Nohl argues isn’t strong enough to keep hackers out.
Nohl thinks that about 750 million phones around the globe can be attacked thanks to the flaw, and said that it’s easy to install software remotely that gives full control to a hacker. “We can spy on you,” Nohl said. “We know your encryption keys for calls. We can read your SMS’s. More than just spying, we can steal data from the SIM card, your mobile identify, and charge to your account,” he told The New York Times.
Nohl discovered the main problem is related to old encryption techniques that were first used in the 1970s and noticed the flaw exists in phones that were tested in North America and Europe. He didn’t name the carriers with vulnerabilities in their SIM cards, however, but did notify the GSM Association of the flaw. The industry group, which works closely with global carriers, said it is already able to “provide guidance to those network operators” thanks to the results of Nohl’s report.
It appears that the vulnerability is still a problem, though the GSM didn’t say whether or not it agreed with Nohl’s conclusion that 750 million cell phones could be at risk.