Expert: SIM cards can now be hacked

Close-up of a mobile phone SIM card

Adrian Weckler, technology editor

July 21 2013 05:44 PM

Mobile phone users have been put on alert after it was revealed that sim cards can now be hacked, possibly leading to fraud and soaring premium rate bills.

Mobile operators have admitted they are aware of the flaw and are taking steps to try and patch the security gaps before customers are hit.

Ireland has 5.5 million active mobile phone subscriptions, most of which are now smartphones, capable of accessing online banking and other sensitive personal information.

The security flaw is due to aging sim card security technology, which has struggled to keep up with high-tech smartphones such as the iPhone and Samsung’s Galaxy S4.

The news will worry mobile users who now rely on their phones to pay bills and transfer money. Irish mobile operators and banks are currently trialling contactless payment systems using smartphones.

The sim card hacking flaw was discovered by German programmer Karsten Nohl, who has informed mobile operators of the potential danger.

“Give me any phone number and there is some chance I will, a few minutes later, be able to remotely control this SIM card and even make a copy of it,” Kohl told reporters today.

The hack works by manipulating a coding technology used by operators to update sim cards. Properly equipped, a hacker can send a code to a sim card to gain access to a phone’s systems, from where fraudulent activity can be perpetrated.

Nohl said that a quarter of all sim cards he tested could be hacked.

However, the international umbrella mobile operator organisation, the GSMA, said that the flaw was limited to a minority of sim cards and that newer sim cards may not be affected.. It said that it had advised operators of the security risks involved.