Last month, we reported a hack which could easily let out all the information just by using two simple SMSes which played with the algorithm of your phone and put millions at risk. Thankfully, network operators or carriers are finally on track to resolving the issue. The amazing thing is that they have come up with a solution that does not require going through the rigmarole of replacing millions of SIM cards. They are actually hacking into SIM cards and repairing them remotely.
Last month, researcher Karsten Nohl communicated the same to network operators’ association GSMA, rather than cashing in on the hack. Last week at the Black Hat conference in Las Vegas, he announced that network operators have now pushed a wireless update on SIMs too resolve the issue. It also feels great that they responded so quickly to this hack. It seems the criticism got to them and they have taken steps to rectify it as soon as they could. Nohl didn’t announce the name of the carriers that resolved the issue.
“They’re adopting hacking methods to make it more secure, Abusing the Java vulnerabilities to update the card is the neatest outcome of this.” – commented Nohl.
Obviously, physically replacing SIMs around the world is kind of a hard, expensive and nearly impossible task to achieve.
There is also newer encryption on SIM cards now, called the Triple DES. But half of the world is still using the older DES encryption, even though they might have moved on to better phones. However, if carriers are on the forefront of preventing any such attacks, it should work out great.
We just wonder if Indian carriers are pushing out the same updates, so far we haven’t heard anything from anyone here.