According to reports from the BBC, a leading Internet security expert has warned of a security flaw he found that could expose millions of mobile phone users to hackers who could use the flaw to steal identities or intercept phone calls. Security Research Labs' Karsten Nohl claims to have found a way to discover SIM card digital keys by sending a text message to mobile phones. Nohl told the BBC the security flaw is based in the old digital encryption standard (DES) of the 1970s. This form of encryption was once thought to be incredibly secure. As it turns out, it is not. It can be easily breached by anyone with a computer and a few minutes to kill. In order to test the potential flaw, Nohl sent text messages to a group of phones. The messages were disguised as official communications from mobile phone carriers. While most phones would end the communication upon discovering an incorrect digital signature, some of them sent a response containing the SIM card's encrypted digital signature. By decrypting that signature, a hacker can potentially access a mobile phone's SIM card as a means of intercepting calls or stealing data. The GSMA is taking the threat seriously, looking into the number of mobile phones that might potentially be affected. Though neither Nohl nor the BBC disclosed what countries might be most affected, they did say mobile phone users in Africa are particularly vulnerable. It has been recommended that people with older phones be careful about using their devices to conduct online banking or other sensitive transactions.

Why It's a Problem

Like any potential hacking scenario, the security issues with mobile phone SIM cards could develop into a big problem if manufacturers and carriers do not do something about it. The problem is further exacerbated by the realisation that even 3G and 4G phones are vulnerable. Any transaction linking a mobile phone to Internet networking could be accessed by hackers who manage to get hold of SIM card information. Online banking has already been mentioned as a potential problem, so let's use it as an example here. A mobile phone used for online banking could be a target with the right SIM card. By simply sending a text message and waiting for the response, a hacker can have control of a phone in a matter of minutes. Without the phone’s owner ever knowing, a bank account can be accessed and drained rather easily. Another concern is that hackers might take control of mobile phones and use them to send text messages to other phones, multiplying the problem like so many computer viruses and spyware programs. The potential is certainly there if Nohl's estimate of 500 million to 750 million affected phones is true. According to the BBC, phone manufacturers and service providers should be on the case very quickly. They said to expect security fixes to start being available for download in the near future. At least that's good news.