Nohl declined to name the carriers involved.
Earlier, Nohl had said the flaw he had discovered existed in the encryption method called the data encryption standard (DES), which was developed in the 1970s. His testing showed that about 25 percent of those SIM cards using DES encryption were vulnerable to the hack.
Nohl said he was able to hack into a device via its SIM card in about two minutes. The flaw allows hackers to obtain a SIM card’s digital key. Once that key was obtained, Nohl said, he was able to infect the SIM card with a virus through a text message.
Through the virus, he was able eavesdrop on calls, make purchases through mobile payment systems, and even impersonate the phone’s owner.
Physically replacing millions of vulnerable SIMs would have been a costly and complex undertaking for carriers. Instead, the carriers that have already provided a fix developed a hacker mindset. Using the same Java vulnerability Nohl discoverered, they used it to hack into their own SIMs and rewrite parts of their operating systems.
Kohl was pleased by the quick response of carriers. He said:
They're adopting hacking methods to make it more secure. Abusing the Java vulnerabilities to update the card is the neatest outcome of this.