Sim Card Hacking

Ms. Urmi Patel,
Ms. Amisha Bhrambhatt,
T.Y.M.Sc.(IT),
20110100110032  20110100110093

MANY phone SIM cards can be hacked to reveal users' physical location and in some cases their mobile banking information, a German security researcher has found.

 

SIMs are the small, removable plastic cards maintain a person's mobile identity, such as their phone number and which network to which they subscribe. At least 500 million of them, or about one-eighth of worldwide mobile phone users, are also hackable, said Karsten Nohl, founder of the Berlin-based Security Research Labs.

 

If a hacker gains access to the card, he could track the phone owner's geographic location or send unauthorized text messages. The hacker possibly could also access credit card and bank account information used for mobile wallet applications.


As mobile phones have become more like computers, hackers have found numerous security vulnerabilities. But Mr Nohl's findings appear to be the first instance of someone hacking a SIM card. It's only the latest illustration of the risks consumers face as they put more of their personal information online.


Digital Pass $1 for first 28 Days

There is no evidence that someone has yet exploited SIMs for malicious purposes, Nohl said. "We are at least a little bit ahead of the criminal hacking world," he said. "There is a big chance of at least the big carriers removing this risk before anyone gets hurt."


Nohl plans to present his findings at Black Hat, a large hacker conference in Las Vegas next week. He has already shared his findings with GSMA, a world mobile operator trade group. In a written statement, the organization said many of the SIM cards that Nohl found to be vulnerable have already been phased out.


"The GSMA takes the security of SIM Cards very seriously," it said. "We continue to work with our mobile operator members and the SIM providers to minimize any potential risks."


Mobile phone carriers often verify customers' identities by sending coded SMS messages to their devices. To access a SIM card, Nohl would send a message to the number disguised as the mobile phone company.


Although the phone's encryption software recognized Mr Nohl as an imposter, some would send back an error message that included some of the phone's encryption signature. He could then use a computer program to hack the rest of the SIM card.


Nohl's study focused on 1,000 SIM cards mostly from European phone carriers. He declined to say which phone companies or countries were most vulnerable to the risk, other than that some countries were neighbors of Germany and part of the "G-7".


There is also an extra risk for some African countries, he said, where mobile banking is more common.