“The New York Times reports that a security researcher has found a vulnerability in the encryption used by some mobile SIM cards that could let hackers remotely take control of a phone,” Aaron Souppouris reports for The Verge. “The flaw relates to cards using DES (Data Encryption Standard) for encryption — it’s an older standard that’s being phased out by some manufacturers, but is still used by hundreds of millions of SIMs.”
“Karsten Nohl, the founder of German firm Security Research Labs, discovered that sending a fake carrier message to a phone prompted an automated response from 25 percent of DES SIMs that revealed the cards’ 56-bit security key,” Souppouris reports. “With that key in hand, Nohl was able to send a virus to the SIM with a text message. The virus allowed him to impersonate the phone’s owner, intercept text messages, and even make carrier payments.”
Souppouris reports, “DES is used in around three billion mobile SIMs worldwide, of which Nohl estimates 750 million are vulnerable to the attack.”