Karsten Nohl, a mobile security expert from Germany claims he has discovered a flaw in mobile SIM encryption technology, which allows him to hack a mobile phone, listen in on calls and even make payments using a mobile phone.
Nohl is the founder of Security Research Labs in Berlin. He says that he has been able to get the 56-digit digital key thereby allowing the SIM data to be modified, by sending a virus to the device through a text message.
He told the New York Times that it took only two minutes to complete the hack and that if this method fell into the wrong hands, upto 750 million mobile phone users could be vunerable to attack.
He told the paper: “We can remotely install software on a handset that operates completely independently from your phone.”
“We can spy on you. We know your encryption keys for calls. We can read your SMS’s. More than just spying, we can steal data from the SIM card, your mobile identity, and charge to your account.”
Nohl has advised chip makers of his findings so that the technology can be improved and stop these messages from infiltrating devices.
He also informed GSM Association and plans to explain the research further at the Black Hat computer hacker’s conference in Las Vegas on August 1.
A spokesperson for the GSM Association responded: “We have been able to consider the implications and provide guidance to those network operators and SIM vendors that may be impacted.”
[Image via forbes]