Millions of mobiles vulnerable to Sim security flaw

A newly discovered vulnerability in mobile Sim cards could allow hackers to access text messages, voicemail and location data

A newly discovered vulnerability in mobile Sim cards could allow hackers to access text messages, voicemail and location data, according to a security researcher.

Berlin-based researcher Karsten Nohl claims he has found a way to uncover the digital keys of some subscriber identity module (Sim) cards that could enable hackers to tap into phone calls or steal cash.

He reported the vulnerability first to the GSMA, the industry association that represents global mobile phone network operators, which is looking into the findings.

“We have been able to consider the implications and provide guidance to those network operators and Sim suppliers that may be affected,” a GSMA spokesperson told the BBC.

The GSMA’s preliminary findings indicate that a minority of Sims produced against older standards could be vulnerable. But the body said there was no evidence that modern Sims are vulnerable.

Nohl estimates that one in every eight Sim cards is vulnerable, which represents up to 800 million devices out of 7 billion active Sim cards around the world.

Sim cards were introduced as a security token to authenticate a user’s identity with the network operator to eliminate fraud and ensure accurate billing.

The cards also store some data, including text messages, phone numbers and details used for some applications such as payment and banking services, making these services vulnerable to attack.

Nohl claims that about a quarter of phones tested responded to fake text messages from the mobile operator with an error message that included an encrypted version of the Sim's authentication code.

In half the cases, Nohl said the encryption was based on an early coding system called Data Encryption Standard (DES), which can now be cracked in two minutes on a standard computer, he wrote in a blog post.

This means that phones in regions where DES is still common are the most vulnerable. DES has long been considered a weak form of encryption and many mobile operators have now upgraded to more secure forms.

Nohl claims an attacker can use the authentication code to download malware to the Sim that can be used to send text messages to premium-rate numbers set up by the attacker.

In addition to stealing cash this way, he believes attackers could also access the target's voicemail messages, track their location and listen to calls.

Nohl expects network operators to respond quickly to his findings and provide an over-the-air download to protect subscribers against the vulnerability.

He has undertaken not to publish details of the most vulnerable Sims until December 2013 to give operators an opportunity to address the problem.

The UN telecoms agency, the International Telecommunication Union (ITU), said it will contact regulators and other government agencies worldwide to ensure they are aware of the threat.