Karsten says there flaw in the encryption can be used by hackers to obtain the SIM card's digital key, a 56-digit sequence which can be used for wrongful doings. Reportedly the security specialist was able to use the key to send a virus to the SIM card via test message, which allowed him to take control the victim's phone, make purchases through mobile payment systems. Apparently he could even impersonate the phone's owner.
He added that he was able to execute the whole procedure, within a matter of two minutes, using a simple personal computer. He estimates that arround 750 million phones may be vulnerable to such attacks.
"We can remotely install software on a handset that operates completely independently from your phone," Karsten said.
"We can spy on you. We know your encryption keys for calls. We can read your S.M.S.'s. More than just spying, we can steal data from the SIM card, your mobile identity, and charge to your account." he added.
Karsten said the flaw was discovered in the data encryption standard ( D.E.S), a an encryption method developed in the 1970s. After discovering the vulnerability, he and his team carried out a research where 1000 SIM cards from mobile networks in Europe and North America, were tested out over a period of two years. The SIM cards and phones used for this research was used by Karsten and the team. According to the findings one-quarter of the SIM cards using older encryption technology exhibited this flaw.
Most Telecoms operators are known to have adopted a more secure encryption method called Triple D.E.S. for their SIM cards, in the last years. However, there are many SIM cards that still run the old standard.