By Jim Finkle
LAS VEGAS, July 31 (Reuters) - A well-known security expertsaid mobile carriers have quickly protected customers from asecurity bug that he revealed 10 days ago and that he estimatedhad put more than 500 million phones at risk of cyber attacks.
Karsten Nohl, chief scientist with Berlin's SecurityResearch Labs, led a research team at the German firm thatfigured out a way to remotely gain control of and also clonesome mobile SIM cards.
"Pretty much every carrier we have spoken to has fixed it,"Nohl said in advance of a talk late Wednesday afternoon at theBlack Hat hacking conference in Las Vegas.
The team was the first to accomplish the hacking feat, whichhas long been a Holy Grail of mobile hackers. The tiny, highlysecured devices are located in phones and allow operators toidentify and authenticate subscribers as they use networks.
He discussed that three-year research effort late Wednesdayafternoon in one of the most anticipated talks at Black Hat, aconference where some 7,000 security professionals gathered tohear about the latest risks posed by hacking.
Nohl said at a news conference prior to that talk that hewould not be able to demonstrate part of his technique forattacking SIM cards because he had prepared to show it on SIMsfrom five carriers, but that all five carriers had made changesto prevent them from being hacked.
Nohl is a so-called "white hat," or a hacker who figures outhow to attack things in a bid to find vulnerabilities so thatcompanies can fix bugs before criminals can exploit them.
He told Reuters that he was pleased that they hadimplemented the fix before his demonstration because that meansthey are ahead of criminal hackers, who could use compromisedSIMs to commit financial crimes or engage in electronicespionage.
Nohl said that carriers have used methods to fix the bug inSIM cards without having to physically replace them, which wouldhave been quite costly.
He said he was not sure whether all carriers around theworld have fixed the bug, but that he had checked with manymajor carriers and that they had gone ahead and taken care ofthe security problem.
Vodafone (VOD)