German mobile security expert Karsten Nohl (pictured) claims to have discovered an encryption flaw in some older SIM cards, according to Forbes.
Nohl and his team tested nearly 1,000 SIMs for vulnerabilities. Having discovered the encryption flaw, Nohl obtained the card’s digital key which allowed him to infect the SIM with a virus which could be used to remotely defraud the user.
One method mentioned in the article was defrauding mobile payment systems, including NFC.
However, the level of potential infection appears hard to estimate. “Different shipments of SIM cards either have [the bug] or not,” says Nohl, who is chief scientist of Security Research Labs. “It’s very random.”
Nohl said “just under a quarter” of the SIMs tested might be infected. Overall he estimates an eighth of the world’s SIM cards are at risk.
The GSMA has looked into the security expert’s findings and said that a minority of SIMs based on older standards could be vulnerable. The organisation has already provided guidance to mobile operators and SIM card vendors who could be at risk. There is no evidence to suggest that today’s more secure SIMs are vulnerable said the GSMA.
Nohl will present his findings during the Black Hat security conference which takes place between 27 July and 1 August in Las Vegas.