SMS SIM hack puts milllions of phones at risk

So, you have bought the best of phones according to your range and depend on it, both for personal and professional use? What if we tell you no matter what antivirus you install, your phone could be easily hacked, just by sending an SMS?


Yup! Karsten Nohl of Berlin based Security labs has found a way to get your phone’s digital by sending a special SMS to your phone. Thankfully, he has disclosed it to the GSMA – which is the industry organization that represents network operators tackles such matters.

“Karsten’s early disclosure to the GSMA has given us an opportunity for preliminary analysis. We have been able to consider the implications and provide guidance to those network operators and SIM vendors that may be impacted.” – A GSMA spokeswoman indicated.

SIM cards are generally put in the SIM slot and pretty much stay there without anyone thinking much about them. But what do they do exactly and why is this hack important – well, SIM stands for Subscriber Identity Module and they act as a security token which confirms your identity with your network operator. It also stores messages (SMS, MMS, broadcast messages) and contacts. But, this hack breaks in and discovers the identification code that protects all this information.

The attacker can send you a simple SMS to accomplish his task once he has your digital signature, all he needs to do is upload malware written in the Java script. “SIM cards generate all the keys you use to encrypt your calls, your SMS and your internet traffic,” Says Mr. Nohl But why does it matter? and how did it happen? and haven’t we been using the same SIM technology for a long time?

Well, what people can lose because of this hack is not just their contacts but even their sensitive banking information and obviously their very personal information conveyed via messages.

It seems like we have been concentrating on innovating mobile hardware and software too long and have neglected this important part of that mechanism – SIM cards are based on a system called the Digital Encryptions Standard (DES)  that was derived in the 1970s and has since then remained the same.

When the first SIMs came to life in the 1990s, this system was used to create and design them. Ever since then, the most innovation it  has seen is physical – the development of the MicroSIM is the only thing it has seen in a long history.

There are questions to be asked here. Who holds the responsibility for this? Definitely not the consumers who haven’t done anything with the SIMs they were asked not too do.

Don’t the companies who rake in billions of dollars owe it to us to secure us against hacking? The current scenario is actually the best case scenario with the hack. But think of what could have happened if this discovery could have been used for ulterior purposes. Just imagine some one accessing your bank account without your permission or accessing all your calls and even listening in.

The best thing we can hope for is that network operators act fast to provide us a solution to this problem.