In this way, Karsten was in position to send a virus via SMS to the SIM card that would allow him to wiretap conversations, shopp via mobile toll system, and even to copy card. The whole operation can be completed in just two minutes using a personal computer, according to his estimate, this security flaw has been subject to around 750 million mobile phones in the world. Karsten says that newer SIM cards that use Triple DES encryption are not subject to this kind of hacking, but many of today cellphones still use the old standard.
Demonstration of this type of SIM card hacking, Karsten will do at the Black Hat conference in Las Vegas, which will be held from July 27th to August 1st this year. Manufacturers of SIM card that received the results of Nohl's research do not want to comment on the case until they see the demonstration at the Black Hat conference, and some of them says that they have already completely embraced the new Triple DES standard.
[Ed - As mentioned most SIM cards have moved away from older encryption standards and are using 3DES or AES which are outside of the real of this hack. It puts the hack into perspective as there might be less phone affected than some are suggesting..]
Tell us what you think in our Forum