German cryptographer Karsten Nohl claims to have finally found encryption and software flaws that could affect millions of SIM cards and open up another route on mobile phones for surveillance and fraud. Nohl will be presenting his findings at the Black Hat security conference in Las Vegas on July 31.
In theory, these flaws could allow hackers to remotely infect a SIM with a virus that sends premium text messages (draining a mobile phone bill), surreptitiously redirects and records calls, and — with the right combination of bugs — carries out payment system fraud. He estimates an eighth of the world’s SIM cards could be vulnerable, or about half a billion mobile devices.
Another flaw Nohl identifies, badly configured Java Card sandboxing, “affects every operator who uses cards from two main vendors,” including carriers like AT&T and Verizon who use robust encryption standards.
There are significant implications for mobile banking and payments.