Polyphonic alarm bells are ringing as recent reports reveal millions of SIM cards are at risk as at least one in eight may be prone to a hack attack.
When it comes to vulnerability, the figures don’t lie with more than 500 million phones under threat. It comes amid growing controversy over technology found in the cards on which we have all come to rely.
SIM cards under attack
According to Karsten Nohl, a top security professional, there could be possible flaws which may leave you prone to be spied upon and even theft of your details. This individual has found a trick to find out the specific digital information found inside the SIM via sending an SMS.
In addition to this, he has stated that thieves could even listen in to when you make a call as well as grab the opportunity to steal some money. Now this may seem hard to swallow but the leading industry insiders the GSMA are now investigating further into the matter.
A spokesperson on behalf of the worldwide network operators informed the BBC that;
“Karsten’s early disclosure to the GSMA has given us an opportunity for preliminary analysis. We have been able to consider the implications and provide guidance to those network operators and SIM vendors that may be impacted. It would appear that a minority of SIMs produced against older standards could be vulnerable.”
So why has this subject been called to our attention? In essence a SIM or subscriber identity module acts as a security tag expressing all of our details on it. This includes verifying a user’s identity that they possess with the network operator.
Other aspects that it contains include text messages and a handful of contact numbers and even payment service numbers that you might use at a bank.
Details at risk
Nohl proclaimed he managed to find a solution in order to discover the SIM’s code by sending an SMS to a handset whilst pretending to be representing the mobile network. It also featured a fake digital signature for the particular operator.
Now here’s the clever bit. It turns out the majority of phones disconnect as soon as the mark is known to be bogus. However in around 25% of cases, the devices sent back an error response which had the SIM’s code on it.
The reason for the breakthrough Mr. Nohl said was down to old systems whose codes were as secretive as Houdini’s to crack. Entirely based on a system entitled Digital Encryption Standard (DES), this retro 1970s program was once considered to be impenetrable.
Achieving the impossible
It is thought it can be hacked into within minutes on a regular PC. As soon as the hacker received all the data, the criminal could have the ability to perform a number of different things such as upload malware to the SIM composed in Java.
They could even set up expensive premium numbers as well as identifying the user’s location. This swift operation he warned could be utilised as a smooth observation tool.
“Here in Europe we use a SIM card to make phone calls and texts, but many people in Africa also use them for mobile banking. Someone can steal their entire bank account by copying their SIM card.” He added.
Don’t bank on it
Meanwhile the telecommunications company for the UN has launched an enquiry and have already made contact with several regulators about the potential threat.