Text Message Tricks Phones Into Giving Up Your Info

A security researcher says hundreds of millions of mobile phones could easily be hacked with nothing more than a specially crafted text message. The hacker could then intercept calls or use the compromised phone to make cash.

Karsten Nohl says the problem is with SIM cards, which are used to tell a phone which account to use and the number on which to send and receive calls and messages. He says many SIM cards still use an outdated algorithm for encryption to stop other people accessing information about the account. (Source: srlabs.de)

Nohl says his testing found a major flaw with these SIM cards. He was able to send a specially written text message to a phone with such a SIM card, asking to access data. As you'd expect, the phone replied with a message refusing the request.

Mobile Phone Gives Up Own Secrets

The problem is that this reply included vital information Nohl used to figure out the encryption key on the SIM card.

Using that key, Nohl was then able to send messages with instructions for the phone to carry out a range of activities. This included sending messages to premium-rate numbers, giving up the phone's location, and even redirecting incoming calls so that he could intercept and listen in on conversations.

Nohl says he tested around 1,000 SIM cards and found just under one-quarter were vulnerable to attack. He says that, given the distribution of cards, several hundred million phones could be vulnerable worldwide.

Mobile Industry Has Six Months to Act

The good news is that Nohl believes hackers aren't currently aware of the flaw. In fact, he believes it could be six months before hackers are able to use the strategy for launching an attack.

He believes that's enough time for the mobile industry to find solutions for the problem. This could include making changes to SIM cards, adjusting the software on phones, or adapting the way phone networks handle text messages.

That means there's a good chance most users will wind up protected in one way or another.

Nohl has already given complete details of his research -- including information he won't be making public -- to international bodies dealing with mobile phones.

The International Telecommunications Union, a United Nations agency, will reportedly issue a warning to all mobile phone operators around the world. (Source: theregister.co.uk)