SIM cards have been proven to pose serious security risks for users through hackability, threatening safety of mobile bankers.
Mobile security expert Karsten Nohl has found a weakness in SIM cards’ digital keys through sending a message directly to the storage chip.
Nohl warned the criminal capabilities of this discovery could result in spying, giving thieves a gap to take advantage of payment details and intercept calls.
He explained the revelation is a warning to African mobile banking subscribers in particular.
“Here in Europe we use a SIM card to make phone calls and texts, but many people in Africa also use them for mobile banking,” Nohl said, as reported by BBC.
The Global Mobile Suppliers Association (GMSA) has looked into the allegations to deliver a preliminary analysis.
A spokesperson from the GSMA said: “We have been able to consider the implications and provide guidance to those network operators and SIM vendors that may be impacted.”
Although the agency reported the risk to be “minor”, referring to standards of older manufactured SIM cards, Nohl’s published findings seem more serious.
According to him, only one in every eight SIM cards is considered as possibly safe.
Access is granted to personal information of a mobile device owner by cracking the authentication code to card, mocking communication from the operator.
Once the attempt succeeds, loading Java malware onto the card is an easy move.
Although approximately 25 per cent of devices detect the falsehood after a while, the error is reported with a message containing the encrypted authentication code.
The encrypted details were seen as a safety measure when employed in the 1970s as part of the Digital Encryption Standard (DES), though less than two minutes is needed to crack the code nowadays.
However, the GMSA has found no evidence to suggest modern SIM cards are at such a high level risk as of yet.
Desiring to alert operators and motivate action, Nohl has announced his full report will only be published by December.
The United Nations’ International Telecommunications Union (ITU) has also been informed of the potentially dangerous findings.
