Karsten Nohl Ph.D, tech genius behind Security Research Labs located in Berlin has identified a flaw in the SIM encryption technology. This flaw, states Nohl, allows access to the digital key located on the SIM. A standard SIM that is found on currently more than 750 million cell phones across the globe.
“We can remotely install software on a handset that operates completely independently from your phone,” warned Nohl, who said he managed the entire operation in less than two minutes using a standard PC. “We can spy on you. We know your encryption keys for calls. We can read your SMSs. More than just spying, we can steal data from the SIM card, your mobile identity, and charge to your account.”
Standard compliance tests displayed over 1,000 SIM cards in Europe and North America are flawed. Network vendors are now scrambling to understand the next steps. This can lead to a memo issued to all carriers who still have customers using the Digital Encryption Standard SIM, a cryptographic method developed by IBM in the 1970s that is used on millions of phones everyday.
Nohl stated he addressed the concern with the GSM Association, a trade organization that represents the entire cell phone industry. Its spokeswoman Claire Cranton shared with the ‘Times:’ “We have been able to consider the implications and provide guidance to those network operators and SIM vendors that may be impacted.”
Karsten Nohl Ph.D, is attributed with the essence of a beautiful mind. The rising tech icon has written several publications highly referred to in the engineering industry: ‘Implementable Privacy for RFID Systems,’ EnRUPT Hash Function,’ and ‘Privacy through Noise: A Design Space for Private Identification.’
In 2008, the young and superbly intelligent Nohl identified a weakness in wireless smart card chips used in transit systems around the world. Not more than a year later, he cracked the Global System for Mobile Communications (GSM) algorithm. Breaking the code allows attackers to eavesdrop on phone calls. A similar flaw found on the SIM card.
This is of course not intended to cause chaos or have millions of users tossing their phones into the trash. It is a technological breakthrough discovered by one of the brilliant minds in engineering. It is always suggested to check your bank accounts, credit cards and phone statements for any charges that are questionable. Nohl provided a way for the public to take precautionary steps on a flaw in one of the most used electronic devices in the world.
The German cryptographer genius will be revealing his findings to a packed Black Hat security conference later this month in Las Vegas. Nohl does offer reassurances that it’s highly unlikely any attackers have discovered the code. Now that it has been exposed, Nohl estimates it would take an attacker six months to configure the code, allowing the industry time to close up the flaw.
Nohl further stated, “Companies are surprisingly open to the idea of working cooperatively on security topics because the competition is somewhere else. The competition is organized crime, not AT&T versus T-Mobile.”
In the essence of security, Nohl is correct. Companies will not compete for security, this is a natural and quiet collaboration to ensure the security of devices to appeal to consumers. Nohl shared after the flaw was discovered, two large carriers were already working with their development teams to discover an immediate patch. Although, it seems the tech companies are batting away questions in relation to the potential flaw.
The two largest American telecommunications firms, AT&T and Verizon both acknowledged the reveal from Nohl. AT&T reassured consumers their phones have used SIMs with triple Data Encryption Standards (3DES) for almost a decade. Verizon did not clarify if this follows suite in their organization.
Nohl exposed a SIM card flaw that could potentially affect up to 750 million phones around the globe to data hijacking. A field that has been marred with the newest and biggest smartphone will now have a greater concern to address with consumers. Nohl simply starts on his next process of discovery, to save the technological, flawed world.