Skip to main content

Carriers hack into their own SIM cards to fix security issue

Carriers hack into their own SIM cards to fix security issue

Share this story

CNN reports that the security researcher who detailed a SIM card security flaw that might have put 750 million phones at risk says several carriers have fixed the issue. The hack, revealed last month by Karsten Nohl, the founder of German firm Security Research Labs, exploited a flaw in cards using DES (Data Encryption Standard) to secure data, and allowed the researcher to intercept text messages, make carrier payments, and impersonate the phone's owner.

The vulnerability itself became the fix

Nohl was due to demonstrate the hack at the Black Hat security conference, but instead took the opportunity to announce that several wireless carriers had rushed updates to fix the issue. It was thought that many carriers would have to physically replace millions of SIM cards to evade the vulnerability, but carriers found an ingenious solution to solve the problem. They used the security flaw that Nohl detailed to remotely "hack" the SIMs and close the backdoor.

Long before detailing the hack to the public, Nohl reached out to the relevant companies involved to inform them of the issue. He's pleased by their response. Although Nohl hasn't detailed which carriers have implemented the fix, it seems likely that now a simple solution is known, companies around the world will use the same tactic to secure their customers' phones.