Caution: It only takes one minute to hack about 750 million mobile phones

6C8339668-130721-tech-sim.blocks_desktop_smallAround 750 million SIM cards that are being used in mobile phones contain a specific programing flaw which makes the cell phones quite vulnerable to an external threat of fraud.

The bug can enable a hacker to go on and remotely access any personal data that is contained within the phone and initiate unauthorized or illegal transactions within a matter of minutes.

Karsten Nohl who is a very famous code breaker from Germany provided evidence related the programing flaw and an alert is now being sent to Mobile phone operating companies by the International Union of Telecommunication.

The bug has a great potential of directly impacting the Plastic SIM card that contains key and essential information of the user and was previously considered to be quite secure. No such hacking has been seen in the last decade but there are threats that the bug is now quite evident and there is great risk of such invasion. Nohl through utilizing a hidden text message managed to obtain the distinct encryption key that a SIM card has and that allowed him to gain access over an individual’s cell phone.

Nohl stated to Reuters that we are now almost SIM cards and have the ability to do all what a normal cell user can do. If the user has information related to MasterCard or his/her PayPal account on the phone, we can gain access to it. Nohl also stated that the bug gives us the ability to exploit the user for both surveillance and for financial purposes.

  • Software can be remotely installed on the handset and this software will operate without any regard or connection to the user’s cell phone. This will enable us to check on all the call details, the contact information that a user has and we can spy them easily. We can also read their text messages, steal essential information from their SIM card, their mobile identity and can charge to their account.

Nohl is a 31 years old hacker who is a very ethical man and performs the task of identifying and breaking into different systems of different companies and then provide them with such evidence so that these companies can go on and fix such flaws before any criminal mind can exploit it.

Nohl stated that via using the OTA program or Over the Air Program, his team has been quite successful in breaking into SIM cards for good two years now. His program uses the unseen messages that are normally sent by cell phone operating companies for the purpose of changing the phone settings.

He also stated that we were very close to giving up on this idea of breaking into the flaw and then we found it out accidentally.

Nohl stated that when an incorrect OTA command was sent to the cell phone, it replied with an error message that contained the distinct encryption code that belonged to the cell phone and this encryption code is actually the virtual key to the phone. Nohl said that the code was decrypted easily and he managed to do it within a minute. After such decryption the phone is under the direct control of the hacker and can be easily operated through the computer without the user having any idea about it.

This bug was however not present on all the SIM cards that are being used. His estimates suggested that a quarter of the SIM cards that are using the DES standard security system contain this bug. Though the DES system is slowly being phased out but still there are more than 3 Billion cell phones that contain such systems. This is the reason why he suggested that about 750 million active cell phone users are in danger of this bug. The other bad news is that the owner of such SIM cards cannot identify it easily whether there cell phones are susceptible to such bug or not.

Nohl has already informed the concerned authorities about this serious flaw and also pointed out that about 6 months will be taken by hackers to be able to exploit this flaw. Nohl will provide all the details of his break in hackers conference that is about to take place at the end of this month in Las Vegas.

The leading companies have gone on to acknowledge the facts about this flaw and have stated that they are making the desired provisions to counter it. The authorities have however calmed the people by stating that there has not been a single incident where such bug has been used to exploit users.

The vice president of the Cyber security and technology, which is the largest mobile industry group in America, has stated that the hackers have no intention towards exploiting such flaw and this is not what they are inching for.

General Hamadoun Toure who is the ITU secretary told Reuters that these facts indicate towards the path where we are leading to in terms of cyber security risks.


Waqas

Waqas Amir is a Milan-based cybersecurity journalist with a passion for covering latest happenings in cyber security and tech world. In addition to being the founder of this website, Waqas is also into gaming, reading and investigative journalism.