1 Of Every 8 SIM Cards Can Be Hacked: Will Mobile Technology Ever Be Completely Secure?

SIM-Card-HackMobile phone SIM card technology has been compromised, leaving users vulnerable to the possibility of being robbed and/or spied on. The small chips, previously considered hack-proof, authenticate user identity and also store limited amounts of data such as texts, banking information, contacts, etc. Karsten Nohl discovered the glitch and says roughly one in eight SIM cards are at risk, but won’t publish information regarding which phone owners are most at risk until operators have an opportunity to address the issue. In light of this development, we asked Zintro experts in the Mobile Data Security field whether or not information stored via mobile technology can ever be completely secure.

Narendra S. Sahoo, an ethical hacker and penetration tester, believes  “this is a shocking development, since [previously] the only part of a cellphone that was considered ‘un-hackable’ was the SIM Card.” “Thankfully,” Sahoo points out, this error was “discovered by an ethical cryptologist who has since given the information to the parent companies so they can fix this vulnerability. [While] this vulnerability doesn’t affect all SIM cards [it] sounds serious since it gives the hacker ‘remote control’ ability of the compromised phone.”

According to Sahoo, “Security by any standards is an evolving area with Blackhats, [hackers who violate computer security for some sort of personal gain] and Whitehats, who find weaknesses to make the technology more stable. With new vectors for exploitation continuously evolving and being discovered, no technology will ever be ‘un-hackable’ or ‘perfect.’” Sahoo asserts that the industry needs “more Whitehats to come forward and identify vulnerabilities,” and suggests that “companies to work not solely towards blind profiteering, but sponsor individuals who invest their time and resources into finding [defects].”

Steven Hoober specializes in mobile phone user experience and believes “technology can never be entirely safe or secure,” and that “the best we can do for conventional technical security issues (hackers, malware, etc.) is follow good security practices.” “I don’t mean longer passwords,” Hoober explains, “but larger practices, like becoming aware [of] issues through out-of-band confirmations. What if your handset told you whenever an app shared data? That would be tedious, but perhaps clever technology could alert [users] to exceptional cases like credit card fraud.” “Another key problem everyone is forgetting” continues Hoober, “is that operators simply must have all sorts of information. Inherent in the way mobile networks operate (and somewhat different from the inherent requirements of the Internet as a whole) is a lot of reliance on location and time being logged.

“Even if we can make the government spying illegal, the fact that your security is outside your control should not be forgotten. From your mobile operator to Google and Amazon, personal information more or less has to be shared to perform data-centric tasks. We rely on not just the good graces and trustworthy morals of these other parties,” but also that these entities will ensure “competent security practices.”

By Gabriela Meller

Zintro has experts in every industry sector, across every job function, in every geographic region. Recently, some of the following topics have seen inquiry activity: