Most SIM Cards Are Hackable With Two Texts: Security Firm
Many SIM cards still rely on '70s-era technology, says Security Research Labs, which hacked into phones with just two SMS messages.SIM cards are the "de facto trust anchor" of mobile devices, Security Research Labs wrote in its most recent blog post. And yet, added the German firm, it's found a way, with just two Short Message Service (SMS) texts, to break into a mobile phone and steal information, listen in on calls and even make purchases. SRL estimates that more than 7 billion SIM cards are in active use today and "many, if not most" rely on '70s-era technology that it found crackable in just days. Once figured out, SRL founder Karsten Nohl told The New York Times in an interview reported July 21, the process can be accomplished in two minutes, from an everyday computer. "We can remotely install software on a handset that operates completely independently from your phone," Nohl told the Times. "We can spy on you. We know your encryption keys for calls. We can ready your [SMSes]. More than just spying, we can steal data from the SIM card, your mobile identity, and charge your account."
Nohl found he was able to discover a SIM's digital key by sending an SMS text masquerading as one sent by the phone's wireless carrier. While most often the phones recognized that Nohl's phone was using a false signature and broke off the communication, reported the Times, 25 percent of the time the phones responded with an error message that included its digital signature—which was enough for Nohl to figure out the SIM's digital key.