How Your Cellphone Could Be Hacked "In About Two Minutes" Via Text Message

An encryption flaw in some SIM cards means roughly 750 million phones could be susceptible to hackers.

Thanks to an encryption flaw in some SIM cards, your cellphone could be hacked in a couple of minutes merely by sending two SMS messages. The resulting security hole could leave individuals vulnerable to theft, surveillance, impersonation, and eavesdropping, says security expert Karsten Nohl, who tested around 1,000 SIM cards from North American and European networks. The breach works by cloaking a text message to look like it's been sent from a carrier. The phone sends an error message back that contains all the information a hacker needs to work out the SIM card's digital key.

“We can remotely install software on a handset that operates completely independently from your phone,” Mr. Nohl said. “We can spy on you. We know your encryption keys for calls. We can read your SMS’s. More than just spying, we can steal data from the SIM card, your mobile identity, and charge to your account.”

Although the hack only worked on around a quarter of cards encrypted with DES, the remaining three-quarters of the cards recognized that the original message was a hack. With around half of the world's six billion cellphones using DES, that means around three quarters of a billion devices could be vulnerable. SIMs protected by triple-DES, a newer encryption system, are exempt.

Mr Nohl will uncover the rest of his findings at the Black Hat convention in Las Vegas next month.

[Image: Flickr user Luciano Belviso]

Add New Comment

1 Comments

  • sahil

    A.O.A Mujhy ik trick chahye jis k zariye me apne kisi bhi frnd k number pe aane wali callz or sms ki incoming or outgoing maloom kar sakun plzzz help me its v.v.v.v.v.v very important for me agr possible hai to plz mujhy btaya jaye me is k liye kuch b kr skta hun plz.!! my num is 03325576555