A security researcher has uncovered a flaw in certain SIM cards which could allow criminals remote access to your phone.

SIM Card Security Flaw
A staff member poses with a mock oversized Vodafone Secure SIM card at the Vodafone booth at the CeBit computer fair in Hanover, March 5, 2012.

Mobile phones these days come in all shapes and sizes, from cheap-and-cheerful feature phones like Nokia's Asha range to big-and-mighty phablet devices such as the Galaxy Note. While there are huge differences in what these phones look like and what they can do, one feature remains constant - the SIM card.

While it had been seen as one of the most secure aspects of a mobile phone, after a decade of no security flaws being discovered, a security researcher is about to present the results of three years of study, culminating in the discovery of a security flaw which allows for the remote hacking of smartphones using certain types of SIM cards.

The flaw, if exploited properly, could expose up to 750 million phones around the world to remote hacking, and let cyber-criminals steal billions of pounds from phone users.

German cryptographer Karsten Nohl claims his talk at hacker conference Black Hat 2013 taking place in Las Vegas next week will end "this myth of unbreakable SIM cards" and show that "[SIM] cards - like any other computing system - are plagued by implementation and configuration bugs."

Cracking the encryption

Nohl and his team have been working on cracking the encryption and software which runs on SIM cards for three years and have tested almost 1,000 SIM cards for vulnerabilities.

Nohl was close to giving up on ever finding a breakthrough in his research before he uncovered the flaw, which is based on an old standard used by some SIM card manufacturers together with some badly configured code.

According to the German there are seven billion SIM cards in use today, but the flaw will only affect a subset of these cards - those using outdated security measures.

Nohl works for Security Research Labs, which has released some details about how the hack works on its blog.

Exploited

The security flaw could give hackers wide-ranging access to users' phones. If exploited fully, it could allow hackers to remotely infect a SIM with a virus that sends premium rate text messages without the user's knowledge, surreptitiously re-directs and records calls, and - with the right combination of bugs - even carries out payment system fraud.

Using SIM cards for making payments is not widely popular in developed countries but it is widely used in regions like Africa.

According to Nohl, almost 25% of all SIM cards he tested were susceptible to attack using this security flaw, but it is hard to tell which SIM cards are at risk and which are not as there is no obvious pattern beyond the presence of an older encryption standard.

"Different shipments of SIM cards either have [the bug] or not," Nohl told Forbes. "It's very random." The researcher, who works for Security Research Labs, estimates that half a billion SIM cards are at risk.

Invisible

The SIM cards could be breached simply using an over-the-air (OTA) update sent via a binary SMS, which the end user would never see. Networks and manufacturers use this invisible method of updating SIM cards in order to add functionality to systems, such as opening the card up to be used by networks in other countries.

While some SIM cards now use state-of-the-art AES encryption for OTA updates, many (if not most) SIM cards still rely on the 70s-era DES cipher, which was shown to be crackable within days of its release.

A hacker who sends a binary SMS will not immediately crack the encryption, but will receive an error message which carries a cryptographic signature, once again sent over binary SMS. Using a typical computer this can be cracked using what are known as Rainbow Tables within two minutes, according to Nohl.
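The article says it is hard to tell which cards are at risk beyond the presence of the older cipher. From the operator's side, that is visible in the OTA security parameters provisioned for each card. The following is an added example, not code from the article or from Security Research Labs: it decodes the key-indicator byte that selects the cipher for a binary-SMS OTA command packet and flags single-DES settings. The bit layout is my reading of the ETSI TS 102 225 / 3GPP TS 03.48 KIc/KID coding and should be checked against the spec; the sample profiles are constructed.

```python
# Added example: audit OTA cipher settings on SIM profiles for single DES.
# Bit layout of KIc (ciphering key indicator) and KID (signature key indicator)
# is ASSUMED from ETSI TS 102 225 / 3GPP TS 03.48 - verify before relying on it:
#   b1-b2 algorithm family, b3-b4 mode, b5-b8 key set index.

DES_MODES_KIC = {0b00: "DES-CBC", 0b01: "3DES-2key", 0b10: "3DES-3key", 0b11: "DES-ECB"}
DES_MODES_KID = {0b00: "DES-CBC", 0b01: "3DES-2key", 0b10: "3DES-3key", 0b11: "reserved"}


def decode_key_indicator(byte: int, kind: str = "KIc") -> dict:
    """Decode a KIc or KID byte into the cipher it selects and its key index."""
    alg = byte & 0b11            # algorithm family
    mode = (byte >> 2) & 0b11    # mode of operation within that family
    key_index = byte >> 4        # which key set on the card is used
    if alg == 0b00:
        cipher = "implicit"      # both sides agree out of band
    elif alg == 0b01:
        cipher = (DES_MODES_KIC if kind == "KIc" else DES_MODES_KID)[mode]
    elif alg == 0b10:
        cipher = ("AES-CBC" if kind == "KIc" else "AES-CMAC") if mode == 0 else "AES-reserved"
    else:
        cipher = "proprietary"
    return {"cipher": cipher, "key_index": key_index}


def risk_level(cipher: str) -> str:
    """Single DES has a 56-bit key, the size the article says rainbow tables defeat."""
    if cipher in ("DES-CBC", "DES-ECB"):
        return "HIGH"
    if cipher.startswith("3DES"):
        return "MEDIUM"
    if cipher.startswith("AES") and cipher != "AES-reserved":
        return "LOW"
    return "REVIEW"


def audit_profiles(profiles):
    """profiles: iterable of (label, kic_byte, kid_byte). Returns (label, kic, kid, worst risk)."""
    order = {"LOW": 0, "MEDIUM": 1, "REVIEW": 2, "HIGH": 3}
    findings = []
    for label, kic, kid in profiles:
        c = decode_key_indicator(kic, "KIc")["cipher"]
        s = decode_key_indicator(kid, "KID")["cipher"]
        worst = max(risk_level(c), risk_level(s), key=order.get)
        findings.append((label, c, s, worst))
    return findings


# Constructed sample: two legacy profiles and one AES profile.
SAMPLE = [("batch-A", 0x11, 0x11), ("batch-B", 0x15, 0x15), ("batch-C", 0x12, 0x12)]
```

Running `audit_profiles(SAMPLE)` lists each batch with its ciphering and signing cipher and the worst of the two risk ratings, so batches still provisioned with single DES stand out for rekeying.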

The industry organisation GSMA is aware of the issue and is already working on a solution, and the flaw is not thought to have been exploited by hackers thus far.