A United Nations telecoms group has issued an international alert about a bug in mobile phone SIM technology that could enable hackers to remotely attack at least half a billion devices.
Discovered by Berlin’s Security Research Labs, the bug allows hackers to remotely gain control of and clone some mobile SIM cards.
The hackers could use compromised SIMs to commit financial crimes or engage in electronic espionage.
The UN’s Geneva-based International Telecommunications Union, which has reviewed the research, said that it is “hugely significant”.
ITU Secretary General Hamadoun Touré told Reuters that the findings show where the world could be heading in terms of cybersecurity risks.
Cracking SIM cards is a key target for hackers because they allow operators to identify and authenticate subscribers as they use networks.
At the centre of the problem is an old encryption technology known as DES. Once a hacker copies a SIM, it can be used to make calls and send text messages impersonating the owner of the phone
The ITU estimates some 6 billion mobile phones are in use worldwide. It plans to work with the industry to identify how to protect vulnerable devices from attack, Touré said.