We have already got used to the fact that systems of modern smartphones are susceptible to viruses and hacker attacks. It turns out, however, that everyone may fall victim to an attack, even the simplest phone - it just needs to have a SIM card.
Karsten Nohl from the German company Security Research Labs informed about the SIM card vulnerability to attack from outside. He found out that hacking SIM cards, protected by the Protocol Data Encryption Standard (DES) is quite easy and gives a very broad power over the data.
A phone equipped with the old card with DES, after receiving a malicious text message sends a 56-digit access key. After acquisition of key, infecting a mobile with a virus is easy, even for the less skilled hacker. It takes several minutes and requires only a computer with the Internet access. With a key in hand and well crafted software, a hacker could overhear our conversations, view messages, find out where we are, and even pretend to be us, making mobile payments.
Nohl gives a simple solution for avoiding problems - replacing the SIM card with a newer, with Triple DES encryption. In his view, the new cards are protected against this type of attack. Karsten Nohl checked about a thousand different cards belonging to his colleagues from several universities. The fact that one in four of them was older and has proven to be vulnerable to attack allowed him to estimate that all over the world 750 million phones may have this problem.
Nohl gave their findings to an association of mobile operators - GSM Association. This one, however, refrained from comments until the scholar will present to the public the results of his research, which is to take place on August 1st at the Black Hat conference in Las Vegas. One more fact given by Nohl may be consolating – he did not find any indications of that anyone ever managed the attack on a SIM card.
Source Gizmodo
