A dangerous SIM card hack has been discovered, potentially allowing attackers to remotely send premium SMS messages or re-direct and record calls, Forbes reports.
It took Karsten Nohl, German cryptographer and security researcher who discovered the flaw, three years of research and nearly 1,000 SIM cards to find and test the hack, which is based on an old encryption standard — DES (Digital Encryption Standard).
Not all SIM cards are vulnerable — just under a quarter of the SIM cards tested were susceptible to the hack — but those that are can be hacked via sending a hidden SMS. All in all, millions of phones worldwide could be affected.
Once the SIM card has been hacked, an attacker could use the victim’s phone to send premium SMS messages, which can skyrocket one’s phone bill, collect location data, re-direct or record calls, or even carry out paymnet fraud.
Nohl claims it is unlikely that cyber criminals have already found this security flaw, and he thinks it may not happen in the next six months. Meanwhile, two large carriers are already working on finding a fix, which they plan to share with other carriers.
“Companies are surprisingly open to the idea of working cooperatively on security topics because the competition is somewhere else,” says Nohl.
Nohl will be presenting his research at the upcoming Black Hat security conference, held in Las Vegas on July 31.