Major wireless carriers have fixed a bug that could have allowed criminals to hack into hundreds of millions of cell phones, says a security expert who exposed the flaw.
Cryptographer Karsten Nohl of Security Research Labs in Germany says he discovered the bug after spending three years figuring out how to hack SIM cards, those tiny removable plastic cards found in cell phones and other mobile devices.
Nohl accessed the SIM cards by exploiting flaws in the encryption keys and sending a hidden SMS text message. SIM cards can identify the phone's owner and store some sensitive personal data, such as payment information.
Nohl's findings sent ripples through the wireless industry when they were first revealed July 21. While phones are known to be susceptible to a range of security issues and attacks, the old dependable SIM card was considered safe.
Nohl was scheduled to demonstrate his SIM card hack Wednesday at Black Hat, a computer-security conference in Las Vegas. Instead, he announced that five wireless carriers had rushed to push out updates that patched the problem.
Because of the fix, he was only able to demonstrate parts of the hack. Nohl declined to name the carriers involved.
Physically replacing millions of compromised SIM cards around the world would have been a huge and costly undertaking for carriers -- and a security concern for phone owners. Instead, the companies came up with a more creative solution: They took advantage of the same Java vulnerability Nohl found and used it to hack into their own cards and rewrite parts of their operating systems.
Nohl praised the carriers' quick action.
"They're adopting hacking methods to make it more secure," he said at a press conference ahead of his talk. "Abusing the Java vulnerabilities to update the card is the neatest outcome of this."
With access to a phone's SIM card, criminals could carry out a range of attacks. They could run up charges on a phone bill, intercept phone calls, remotely control phones, track the location of devices and even access financial information. The bug could be especially damaging in places such as Africa, where many people use their phones not just for communication but as mobile banking systems.
A quick fix from a company is the ideal outcome for so-called "white hat" hackers such as Nohl, who spend their time finding possible weaknesses in computer systems before criminals can exploit them. Every year at Black Hat, researchers present their latest findings and hacks.
The hackers typically receive varying reactions from companies after exposing their vulnerabilities. While some companies do acknowledge issues and respond with a quick fix, others wait until criminals exploit a flaw before taking action.
Nohl said Wednesday that companies still have not fixed most of his other computer-bug findings from the past four years.