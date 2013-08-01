By Jim Finkle
| LAS VEGAS, July 31
LAS VEGAS, July 31 A well-known security expert
said mobile carriers have quickly protected customers from a
security bug that he revealed 10 days ago and that he estimated
had put more than 500 million phones at risk of cyber attacks.
Karsten Nohl, chief scientist with Berlin's Security
Research Labs, led a research team at the German firm that
figured out a way to remotely gain control of and also clone
some mobile SIM cards.
"Pretty much every carrier we have spoken to has fixed it,"
Nohl said in advance of a talk late Wednesday afternoon at the
Black Hat hacking conference in Las Vegas.
The team was the first to accomplish the hacking feat, which
has long been a Holy Grail of mobile hackers. The tiny, highly
secured devices are located in phones and allow operators to
identify and authenticate subscribers as they use networks.
He discussed that three-year research effort late Wednesday
afternoon in one of the most anticipated talks at Black Hat, a
conference where some 7,000 security professionals gathered to
hear about the latest risks posed by hacking.
Nohl said at a news conference prior to that talk that he
would not be able to demonstrate part of his technique for
attacking SIM cards because he had prepared to show it on SIMs
from five carriers, but that all five carriers had made changes
to prevent them from being hacked.
Nohl is a so-called "white hat," or a hacker who figures out
how to attack things in a bid to find vulnerabilities so that
companies can fix bugs before criminals can exploit them.
He told Reuters that he was pleased that they had
implemented the fix before his demonstration because that means
they are ahead of criminal hackers, who could use compromised
SIMs to commit financial crimes or engage in electronic
espionage.
Nohl said that carriers have used methods to fix the bug in
SIM cards without having to physically replace them, which would
have been quite costly.
He said he was not sure whether all carriers around the
world have fixed the bug, but that he had checked with many
major carriers and that they had gone ahead and taken care of
the security problem.