Sim Card Security Vulnerabilities Revealed

Posted by Clare Andrews on the 30th August 2013 | Topics: News

SIM cards power billions of mobile devices across the world, allowing network providers to identify customers irrespective of the device they are using.

However, a security expert has argued that the age and nature of the technology behind SIM cards is well behind the curve and could leave consumers at risk of having their handsets exploited by cybercriminals.

CIO.co.uk reports that Security Research Labs representative, Karsten Nohl, has spoken out about SIM card security this month, claiming to have found a loophole that allows for a third party to hack into a phone and find out the user's location, just by exploiting SMS text message functionality.

This can also allow hackers to alter the voicemail number of a particular SIM user's account, which is obviously problematic in other ways.

In response to this assertion by Nohl, a statement was released by the GSM Association, which represents various providers and manufacturers in the mobile phone industry. It said that only those who are relying on older encryption standards used for SIM communications would be at risk, with the majority of customers unaffected.

Although the SIM card encryption standards exploited by Nohl are four decades old, technology has moved on and newer units are not so encumbered.

Nohl and his research team were able to eventually crack a phone's location and exploit other elements via SMS in just two minutes, which means that it could be a real security threat in certain scenarios.

Network providers have apparently been briefed regarding this development and it seems likely that customers in the UK need not be overly worried about potential vulnerabilities, because almost everyone who takes advantage of the latest security standards will be using a newer SIM .

Nohl is planning to present his findings during the Black Hat security expo, being held at the end of the month in the US.



Add Comment