Millions of Sims vulnerable to hack attack

23 July 2013

hackers A flaw with Sim card technology is, according to reports, putting millions of people at risk of a damned good hacking, which means snide gits can rob you and spy on you or whatever it is they want.

Karsten Nohl, some kind of expert, has said he's found a way to discover some Sims' digital keys by sending them a special text message with industry organisation - the GSMA - looking into it all.

"Karsten's early disclosure to the GSMA has given us an opportunity for preliminary analysis," said a spokeswoman for the association, which represents global network operators. "We have been able to consider the implications and provide guidance to those network operators and Sim vendors that may be impacted."

"Sim cards generate all the keys you use to encrypt your calls, your SMS and your internet traffic," Nohl said. "If someone can capture the encrypted data plus have access to your Sim card, they can decrypt it. Operators often argue that it's not possible to listen in on 3G or 4G calls - now with access to the Sim card, it very much is."

Nohl reckons that around an eighth of all Sim cards are vulnerable to the hack attack, but he won't be saying which ones yet because he wants operators to have the chance to address these problems first... or he's just showing off.

TOPICS:   Mobile   Privacy

4 comments

  • fibbingarchie
    I'd love to be able to spy on the average mobile phone user and eavesdrop on their conversations: "Hey, where are you?" "I'm on the train, where are you?" "I'm on the bus, what you doin?" "Nuthin' much, what 'bout you?" "Same!" Yes, certainly worth the effort.
  • Gran
    Ooh, you mean like Sim City? I used to like that, I did.
  • Mike O.
    Could be interesting with phones now being used as payment devices in shops.
  • JonB
    Apparently this vulnerability is only on older SIM cards. If you're using a new smartphone (with a micro SIM) then you're likely to be OK.

What do you think?

Connect with Facebook, Twitter, or just enter your email to sign in and comment.

Your comment