German mobile security expert Karsten Nohl claims to have discovered a flaw in current mobile SIM encryption technology that allows an attacker to easily hijack a phone, listen to calls, read SMS messages, steal data from the SIM card and make payments using the victim's mobile connection.
Nohl, founder of Security Research Labs in Berlin, said the encryption hole allowed outsiders to obtain a SIM card’s digital key. The digital key is a 56-digit sequence that opens the chip up to modification.
As an experiment, he sent a virus to the SIM card through a text message, which allowed him to eavesdrop on a caller, make payments using that SIM connection or impersonate the phone owner by making calls and sending SMS messages from that number. Software could be remotely installed on a device, operating completely independently of the phone.
Nohl explains that this method is very easy and that it took him only two minutes using a personal computer to crack the encryption. He estimates that as many as 750 million phones may be vulnerable to attack if this method falls into the wrong hands.
Nohl has shared the results of his two-year study with the GSM Association, an organization based in London that represents the mobile industry, through a process of “responsible disclosure.” He also advised operators to phase out SIM cards using D.E.S. encryption in favor of newer standards.