German Security Expert says Flaw in Encryption Technology of SIMs can Allow Cyber Criminals to Control Mobile Phones


By: Ali Raza  |   July 25th, 2013   |   News, Smartphones, Tablets

Security Research Labs founder, Karsten Nohl, has recently revealed that he has found a major defect in the encryption technology of some SIM cards and by making use of this flaw cyber criminals can easily control the mobile phone of an individual. According to the security expert, with this encryption flaw cyber criminals can gain the digital key of a SIM card that will open up the chip for modification. The New York Times was the first to report Nohl’s revelation, which has now caused anxiety in many circles.

 

The NYT report also revealed that using a 56-digit sequence SIM, Nohl had successfully sent a virus to a SIM through a text message, which gave him control and allowed him to make online purchases via mobile payment systems as well as impersonate the owner of the mobile phone. The German researcher also made it known that he had managed this entire operation ‘in about two minutes, using a simple personal computer’. With this flaw in the encryption technology of SIMs, Nohl believes that as much as 750 million mobile phone users around the entire world can face such virus attacks.

 

Mr. Nohl said, “We can remotely install software on a handset that operates completely independently from your phone. We can spy on you. We know your encryption keys for calls. We can read your S.M.S.’s. More than just spying, we can steal data from the SIM card, your mobile identity, and charge to your account.”

 

He also said that, “the flaw he had discovered was the result of an encryption method developed in the 1970s called data encryption standard, or D.E.S. After uncovering the breach, he researched the pervasiveness of the problem by testing about 1,000 SIM cards on cellphones running on mobile networks in Europe and North America over a two-year period.”

 

At this point in time, D.E.S. encryption is utilised on roughly six billion mobile phones that are being used on daily basis. Although, majority of the wireless carriers have adopted a new and stronger encryption method known as Triple D.E.S., but still there are plenty SIM cards, which are running on old encryption. Due to this reason, the risk of vulnerability is still quite high when it comes to making the use of the flaw discovered by Security Research Labs founder.

 

So it is the need of the hour that both governments and wireless carriers around the world should immediately take precautionary measures against the encryption technology flaw and avoid a massive attack.

 

Source: iPhoneinCanada

Photo: GearLive

Leave a Reply

Your email address will not be published. Required fields are marked *