German cryptographer Karsten Nohl has found out that some SIM cards can be hacked and expose millions of users to surveillance and fraud. Once again, poorly coded Java is a part of the problem.
At the upcoming Black Hat Security Conference on July 31, Nohl will present his findings: SIM cards with badly coded software and outdated encryption leave the devices containing them open to infection with specialist viruses, to call redirection and recording and, with the right collection of errors, to payment system fraud.
Team this up with emerging technology like NFC and we have a potential rash of security issues just ripe for the picking. The hack usually starts with the attacker sending a hidden SMS to first probe the encryption, then testing the Java-based system for the security flaw.
Fixing the problem is as simple as replacing the SIM card with another card that has updated encryption and a better-coded system. These SIM cards are actually quite intelligent and could be regarded as simple computers with their own operating systems, able to install and run their own apps.
Hopefully we will see carriers with affected SIM cards proactively replace or remotely update the faulty cards to prevent any security breaches.
Click the link to have a look at the Forbes story.