AS many as one quarter of all mobile phones in use in the world today could be vulnerable to an SMS attack that allows hackers to gain full control of the phone. The vulnerability was discovered in the outdated, 1970s-era cryptography technique called DES encryption that’s still used by around half of all Subscribers Identification Modules (SIM) cards.
According to the researcher, Karsten Nohl, there is a security flaw that potentially opens up around 750 million SIM cards to hackers who could take control of a mobile phone globally.
Nohl, the founder of Security Research Labs in Berlin, Germany, told the New York Times that the encryption hole would allow hackers to obtain a SIM card’s 56-digit digital key, which then opens the SIM Card for modification.
Already, a World Bank report has revealed that mobile phone has reached three quarters of the world, stressing that that with over six billion mobile subscriptions in use worldwide, up from fewer than one billion in 2000, three out of every four human beings worldwide now have access to a mobile phone.
In Africa, as at November 2012, mobile subscription has reached 750 million people and is expected to reach one billion by 2015. Nigeria, which just concluded its over two years N6.1 billion SIM registration, currently lead the pack with 119 million mobile subscriptions.
Nohl, in the research, explained that accessing the digital key allowed him (hacker) to send a virus to a mobile phone via an SMS that enabled him to eavesdrop on a caller, make purchases through mobile payment systems and even impersonate the phone’s owner.
“We can remotely install software on a handset that operates completely independently from your phone,” Nohl told the newspaper.
Once he had suspected the flaw existed, he has spent the past two years testing around 1,000 SIM Cards that his team bought, and he estimates that around a quarter of the SIM Cards are affected by the security flaw.
Most newer SIM Cards use a newer security system and are immune from the attack, but users who haven’t changed their SIM Card for several years could be vulnerable.
The GSM Association, the body has already been notified of the problem, which will be explained in more detail at the Black Hat conference next week.
In a statement, a GSM Association spokeswoman, Claire Cranton, said Nohl had sent the association outlines of his study, which the organization had passed along to operators and to makers of SIM cards that still relied on the older encryption standard.
It would also be possible for the networks to block the type of attack SMS that he used to breach the SIM Card security while they decide if it is necessary to issue replacement SIM cards to vulnerable customers.