How many text messages does it take to hack your GSM phone? Just two, according to Karsten Nohl of Security Research Labs, due to poor code implementation and configuration akin to just about any computing system. That said, your phone is a potential tool to steal your identity.
As discovered by Nohl, the compromise in security is achievable in only a couple of minutes and through the use of personal computer. An SMS, modified to fool phones that it’s as if it’s a legit message from a cellular carrier, is sent and gets back an error message that includes crucial information needed to access the SIM card’s digital key. Once that info is obtained, another SMS can be sent to spy and even control the user’s calls, text messages, mobile payments, and more.
Not all SIM cards are affected, only the ones that use the outdated data encryption standard (DES). Cards that implement the newer and more secure Triple DES are unaffected. However, Nohl estimates as many as 500 million mobile devices worldwide that are still vulnerable to the hack.
The GSM Association has already been informed about the exploit, as well as carriers and SIM producers that rely on DES. A fix, according to Nohl, should be easy to implement and does not even require the users’ intervention and awareness. The complete details of the exploit will be fully explained by Nohl on July 31 at this year’s Black Hat conference in the US.