Karsten Nohl from Berlin-based Security Research Labs has found a way to use ‘over the air’ updates to take over mobile phones. Although it only affects older SIM cards, he says the security flaw could affect up to 750 million phones worldwide.
By ‘rooting’ a SIM card, a criminal could take over most of a phone’s features - from sending text messages to making online purchases.
The flaw involves sending an incorrect code to a mobile phone by SMS. Some phones then respond with a rejection message that can be cracked in a matter of minutes to yield a key. This cracked key can then be used to send ‘over the air’ updates that appear to come from the customer’s network but actually give the criminal full access to the phone and its features.
More details of the issue will be presented at the Black Hat security conference next week. The GSMA has already been informed of the problem and has passed the information on to its members.
[More details: SR Labs; NYTimes.com]