A vulnerability that is suspected to be affecting 1 in 8 active SIM cards worldwide has been discovered by a German researcher.
A Subscriber Identity Module (SIM) was introduced to mobile phones as a way of authenticating a user’s identity with a network operator. Up to 750 million active SIMs across the world are believed to still employ an outdated encryption method named DES. Digital Encryption Standard is a process first created in the 1970’s, it is widely regarded as outdated and insecure as it can be hacked by a modern computer in a matter of minutes.
The DES encryption method is believed to still be being used in up to one eighth of the world’s mobile phones. SIM cards that use this are vulnerable to hacking as the recent research has shown. An unauthorised text message was sent to a DES phone, the phone detected this as a fake message and automatically responded with an error message. This error contained an encrypted authorisation number of the SIM. This number can be used to download mobile malware which can lead a hacker directly into the phones SIM storage which could contain text messages, voicemails and other data. The sending of premium rate messages could also be put into action as well as determining the location of a device.
The majority of operators have upgraded to a more secure encryption service but there are some areas of the world that still use this method.
The researcher who discovered the flaw will not release the details of the vulnerable operators until the end of this year, giving them the opportunity to resolve the issue before being exposed.