Millions of mobiles at risk of hacking: Study
22 Jul 2013
Phones using SIMs with DES encryption, one among eight around the world, could be copied, according to researchers.
Thanks to the flaw, cybercriminals were finding it easy to commit fraud according to experts.
According to cyber researchers, a flaw discovered in the security of 500 million mobile phones could render them vulnerable to attack.
German firm Security Research Labs, which uncovered the bug said it could allow hackers to gain control over SIM cards remotely and also clone certain mobile SIM cards.
The compromised SIMs could be used by hackers to commit financial crimes or engage in espionage. A presentation of the technique would be run at the Black Hat hacking conference that opens in Las Vegas on 31 July.
According to the UN's Geneva-based International Telecommunications Union, which reviewed the research, it could be "hugely significant".
ITU secretary general Hamadoun Touré said the findings showed what kind of cyber threats could be looming ahead.
He added, the agency would notify telecommunications regulators and other government agencies across around 200 countries about the potential threat and also reach out to hundreds of mobile companies, academics and other industry experts.
According to experts by cloning handsets hackers could compromise user security by posing as the phone owner.
Karsten Nohl, the chief scientist who led the research team, said the hacking only worked with SIMs that used a type of encryption technology known as DES.
A spokeswoman for the GSMA, which represents around 800 mobile operators worldwide, said it had also reviewed the research.
GSMA spokeswoman Claire Cranton said, the association had been able to consider the implications and provide guidance to those network operators and SIM vendors that might be impacted.
Nicole Smith, a spokeswoman for Gemalto NV, the world's biggest maker of SIM cards, supporting the GSMA's response said, its policy was to refrain from commenting on details relating to its' customers' operations.
SIM cards have been the favourite target of hackers as the tiny devices were located in phones and allowed operators to identify and authenticate subscribers as they used networks.
According to the ITU's projections around 6 billion mobile phones were in use worldwide. The organisation has plans to work in association with the industry to identify how to protect vulnerable devices from attack.
Once a hacker copied a SIM, it could be used to make calls and send text messages impersonating the owner of the phone, according to Nohl, who holds a doctorate in computer engineering from the University of Virginia.
