It’s probably safe to say that the majority of smartphone users have no idea if their phone is ‘secure’ as far as hackers are concerned, or how to go about making it secure if it isn’t. The bad news is: odds are fairly high that the phone you’re using is vulnerable to a cyber attack and your privacy and financial data are at risk. This is the conclusion of Karsten Nohl, a security researcher and founder of Security Research Labs in Berlin.
All the available data indicates that at the very least, some 500 million phones currently in use or on the market are vulnerable to the sort of intrusion he’s talking about. They are phones that are still using DES, the obsolete encryption technology that was found to be ‘breakable’ in 1998. The strictly non-technical explanation is that SIMs (subscriber identification modules) in these phones can be taken over and/or cloned by hackers, allowing them control of accounts and all the other personal data that is supposed to be protected.
Nohl is scheduled to present his findings and explain how the ‘bug’ can work on 31 July at the BlackHat conference in Las Vegas. That conference, by the way, is attended by all kinds of people involved in digital security, including government agencies, big corporations – and hackers. In the meantime, the warning is out to wireless networks in some 200 counties around the world that may need to update their encryption systems.
In the US, both T-Mobile and AT&T made reassuring statements to the effect that their SIMs use newer technology, not the old DES, and their customers should not worry about hackers stealing their identity or their money. However that doesn’t cover anyone still using an older SIM card – and many users are reluctant to make any changes on their own, like slotting in a new card. Ultimately the burden of user security in this case will probably fall on the network carriers.