GENEVA: The UN’s International Telecommunication Union is to send an alert to all mobile phone operators after being presented with “hugely significant” evidence of a design flaw in SIM cards that could leave up to 750 million mobile phone users around the world vulnerable to fraud.
The bug allows a hacker to remotely access personal data and authorise illegal transactions within minutes, renowned German code-breaker Karsten Nohl has found.
The flaw affects the SIM card, the plastic circuit board that contains key phone user data. The SIM is considered to be the most secure part of the phone and has not been hacked in a similar fashion in a decade.
By finding out the unique encryption key of each SIM card with just one hidden text message, Nohl is able to get complete remote control of an individual’s phone.
“We become the SIM card. We can do anything the normal phone users can do,” Nohl said. “If you have a MasterCard number or PayPal data on the phone, we get that too.”
The flaw can be exploited both for financial fraud and for surveillance.
“We can remotely install software on a handset that operates completely independently from your phone. We can spy on you. We know your encryption keys for calls. We can read your texts. More than just spying, we can steal data from the SIM card, your mobile identity, and charge to your account,” Nohl explained to the New York Times.