A massive mobile phone security alert was issued today after an expert exposed a “critical hacking risk” in the SIM cards used in handsets.
The bug affects an estimated 750 million handsets worldwide using an older security standard known as DES, and allows hackers to eavesdrop on calls, send premium rate messages and even clone a card to make calls.
According to Karsten Nohl, founder of Security Research Labs in Berlin, taking control of a SIM takes less than two minutes. He told the New York Times: “We can remotely install software on a handset that operates completely independently from your phone. We can spy on you. More than just spying, we can steal data from the SIM card, your mobile identity, and charge to your account.”
The researchers are working with the GSM Association, an organisation based in London that represents the mobile industry, to help manufacturers close the loophole.
However, Claire Cranton of the GMSA said: “There is no evidence to suggest that today’s more secure SIMs will be affected.”
