22 July 2013

Mizoram Unable To Implement Food Scheme, says Lalthanhawla

Aizawl, Jul 22 : The Congress-ruled Mizoram would not be able to implement the Food Security Scheme, the pet project of UPA chairperson and AICC president Sonia Gandhi, due to a fiscal crunch in the state.

Chief minister Lal Thanhawla, who returned to Aizawl on Friday after attending the meeting of the Congress chief ministers and state PCC chiefs on the scheme held at 10 Janpath on July 13, said it would be impossible to implement the scheme in the state.

"I have spoken at the meeting also and said that Mizoram would not be implementing the scheme unless the Centre provides financial assistance," Lal Thanhawla told the media here on Friday evening. He added that with the state assembly polls due in five months, it would be difficult to take up new and expensive schemes.

According to state food, civil supplies and consumer affairs department officials, 6.33 lakh people in the state would be covered under the scheme as per the central government's calculations, and they would receive 31.65 lakh kg per month under the scheme.

The officials said the additional expenses to be incurred if the Food Security Scheme was implemented would be a huge burden to the state's exchequer. Earlier, food, civil supplies and consumer affairs minister H Rohluna said the state government had asked the Centre to raise the quantity of rice to be given to the people from the proposed 5 to 8 kg to be sold at Rs 3 a kg. "If the quantity is not increased, the state government, which is giving 8 kg of rice to each person in the state at present, has to pay 3 kg from its own fund at a higher rate and it would be a great burden," said Rohluna.

Mizoram Law Commission working on Marriage Bill

Aizawl, Jul 22 : The Mizoram Law Commission is currently working on "The Mizo Marriage, Divorce & Inheritance Bill, 2013", which it said is likely to be finalized by July 26.

Mizoram Law Commission Chairman R Lalrinawma said, "We the Mizos simply follow our Customary Laws for marriage, divorce and inheritance, which is but not a law per se. It is also not clear which one of our marriages is taken into account, whether the marriage in the church or of the traditional rites at homes. Therefore, we want to be specific about all these, and thereby have a proper law."

"The law as drafted will especially benefit the womenfolk as to ensure their shares in case of divorce, inheritance etc.," the Law Commission Chairman added.

He then said, "The law which has been drafted, if approved, shall be put up to the Assembly," adding, "On the condition if the demand for the law is high enough, it could be used through Ordinance even before it is passed by the Assembly."

Fulfilling its manifesto for the 2008 Assembly Election, the ruling Congress party set up the 'Mizoram Law Commission' on April 21, 2009. Besides its Chairman and the Member Secretary, the Law Commission comprises 10 members.

It can be noted here that on July 10, the Mizoram State Law Commission, in its 18th meeting, had discussed and reviewed The Mizo Marriage Bill and The Inheritance Bill, 2013.

That meeting had proposed holding seminars and consultation programmes for wider discussion of the Bills, after which they would be put up to the State Assembly.

Talking about the Bills being reviewed, Mizoram Law Commission Chairman R Lalrinawma said such Bills are important for all Mizo families.

This is especially for the improvement and upliftment of the condition of the Mizo women, he added.

Even the State Government finds it crucial, the Chairman further said, adding that because of the need for utmost caution the Bills could not be brought forward earlier, but that they have now, thankfully, reached their final stage.

It is necessary for society to have such crucial laws, the Law Commission Chairman said.

Software Tech Park in Mizoram Soon

Aizawl, Jul 22 : Mizoram Minister for Information and Communication Zodintluanga today said that a Software Technology Park would soon be established at the Mizoram University Campus near Aizawl.

At the inaugural function of the Rural Information Kiosk, Zodintluanga said that a temporary office of the Park was being set up at the building of the Ch. Chhunga Bus Terminus on the outskirts of Aizawl.

He said that the Power Grid Corporation of India has erected overhead optic fibre cable up to their office in Ramrirawn near Aizawl which would also be used by the service providers including BSNL and Airtel.

The Rural Information Kiosk was to connect even the remotest village in the state and operators have been appointed for 153 villages.

Zoram Electronics Development Corporation (ZENICS), a state government public sector unit, was entrusted with implementing the Kiosk in the state.

ILP Impact on the Northeast

By Patricia Mukhim

Activists of the students’ wing of the Inner-Line Permit Demand Committee of Manipur tussle with police personnel during a demonstration in Imphal recently. (PTI)

Cross-border influx is causing considerable angst among people of the Northeast.

This unabated influx from Bangladesh threatens to upset the demographic balance especially of the smaller tribal states. These fears cannot be discounted since Tripura stands out as a classic case of tribals being reduced to a minority in their homeland.

The Tripura case is enough to ignite anger, fear, a sense of betrayal and of livelihoods being taken away. The natural reaction since the early Seventies has been to subject anyone who has the appearance of a Bangladeshi (he/she could be a Bengali of Indian origin or someone who looks like a Bengali) to physical violence in an attempt at ethnic cleansing. But this has not solved the problem. We need effective mechanisms such as a comprehensive identity card to distinguish citizens from non-citizens. The first right of a citizen to the benefits of a welfare state cannot be taken away from him. But there are complaints galore that in the char (riverine) areas of Assam, which allegedly are populated largely by immigrants, much of the benefits accruing from the National Rural Employment Guarantee Scheme (NREGS) and the National Rural Health Mission (NRHM) are being availed of by illegal immigrants. Now whether these residents are today Indian citizens by birth, their parents having arrived in India prior to 1971 or whether they are recent immigrants, is difficult to tell in the absence of authentic data since the National Register of Citizens (NRC) in Assam is yet to be updated. This is a highly problematic situation.

Homeland woes

The conflagration in Bodoland in July 2011 was largely due to a fear of demographic aggression from across the Bangladesh border. Illegal immigration and internal migration over long periods of time have reduced the Bodo people into a minority in their homeland marked as the Bodoland Territorial Council (BTC).

Assam on the whole is losing its diversity and this is evident from the number of Muslim representatives in its legislature and the changing demography of the population. Yet it is a fact that without the Bangladeshi immigrant, Assam would find it difficult to produce crops that feed its population. Construction works from road-making to buildings would be incomplete if there were no migrant labour.

Every home in Assam or any other northeastern state has a Bangladeshi domestic help. And this is true even of Mumbai and Delhi.

How do we unbundle this paradox? Building contractors in the entire region and coal mine owners in Meghalaya would be hard put to find labour that can be paid a pittance but be made to work in back-breaking conditions.

The migrant does it to meet his/her basic needs. Hard economics defines the labour market. The Bangladeshi crosses over because there is work to do. If there weren’t any work why would he risk his life here?

Visa irony

In recent times, the clamour for sealing the borders with Bangladesh is growing louder. Further, civil society groups in the states of Manipur and Meghalaya are demanding the implementation of the inner-line permit (ILP) to check influx. Normally every visitor (Indian or foreigner) to Nagaland, Mizoram and Arunachal Pradesh has to have an ILP to gain entry into the states.

This is like getting a visa to enter your own country. Now whether this can check cross-border migration where people enter surreptitiously is a question mark. But somehow the populist demand seems to defy reason and logic.

Even with the ILP, Nagaland still complains of illegal immigrants gaining entry into the state and occupying prime space in commercial areas of Dimapur. Earlier this year, I had accompanied a group of journalism students from Mumbai, along with their mentors, to Nagaland. We had a proper ILP to enter the state. But after getting off the train at Dimapur we searched high and low for some policeman from the infiltration wing to show him our ILPs and could not find any. Hundreds of our co-passengers also merged with the crowd and vanished into the night. So what use was the ILP here? Nothing at all!

The inner-line permit, or the Bengal Eastern Frontier Regulation Act of 1873, was designed to stop the belligerent hill tribals from raiding the plains. But the restriction on movement of the hill tribes was removed within a few years of the British occupation of these hills. The tribes were allowed to fish, hunt and attend markets freely on both sides of the line.

Insulation

But the plainsmen were never allowed to enter the hills without a pass. The hill tribals, whose activities had prompted the creation of the inner-line regulation, were thus exempted from the application of its provisions. Interestingly, the restrictions applied from then on only to the people of the neighbouring plains districts of Bengal and Assam for whose protection the line was initially defined. Hence the inner line failed to serve its original purpose.

Then what purpose did it serve? If the Lushai and Naga raids had ceased by 1897, why was the inner line continued as long as the British rule lasted in India?

The only reason perhaps was because the British saw how in terms of race, culture and worldview the hill tribes were very different from mainland India. The British were also aware that the spiritual and cultural identity of India was not manifest in its political unity. But they were far-sighted enough to recognise that the “Indian” culture was dominant and might permeate into the tribal culture and milieu which was until then without a written script.

The British in their wisdom felt that the tribes should be insulated from this dominant “Indian” culture and religion. Hence the inner-line regulation kept the Indian culture and religion effectively on the other side of the fence while the Christian missionaries were inducted for proselytisation of the hill tribes.

‘Outer line permit’

As to whether the British rulers empathised with the less civilised tribes or they were only planting the imperialist statecraft of “divide and rule,” it is not easy to decipher. But any which way we look at it, the ILP appears to have succeeded at least partially, in allowing the tribes to retain their cultural traits, although in terms of religion many have given up their indigenous faith.

It would take much space to debate the other pernicious aspects of imposing a western faith on a people who were not in a position yet to reason on equal terms with the British and also how the Christian inculturation of the tribes has undervalued much of their indigenous wisdom and value systems.

Given the above circumstances, the demand for an ILP at this point in history is regressive and unlikely to solve the problems of influx from Bangladesh since ILP presupposes that every traveller will come in via the officially designated entry points. Illegal migrants do not do that and it is ridiculous to think of curtailing the mobility of fellow Indians only because we wish to oust them out of a highly competitive and dwindling economic space in our own backyards. Many from the Northeast are seeking livelihoods outside the region. What happens if each state decides to give employment only to its own people and start a reverse Outer Line Permit? These are issues that require not just careful deliberation but intelligent calibration as well.

(The writer can be contacted at patricia17@rediffmail.com)

Homestays Transform Lives in Northeast India's Hills

Homestay tourism offers local hospitality for visitors and new economic opportunities for residents of the hills region.

By Sahana Ghosh

Chuikhim, (West Bengal), Jul 22 :

Villagers and guests play carom in a homestay in Chuikhim. Many residents in the hills of Sikkim and North Bengal have opened their homes to tourists and travellers, offering hospitality, home cooked meals and intimate views of the region's beauty. [Sahana Ghosh/Khabar]

Not long ago, the 1,200-odd inhabitants in this sleepy village of Chuikhim, nestled in the Kalimpong hills, lived a meagre existence based on subsistence farming.

Their precarious financial situation got worse because most men of the 1.06km-altitude area whittled time away with gambling and alcohol. Encouraged by social workers, the village women sat vigil to try to restrain the men from drinking, but without much success.

Then, the women began to ponder about a way out of their financial woes and hit upon a unique idea -- hosting tourists on their way to Lolegaon and Kalimpong.

Durga Gurung, 50, was one of the first to see the benefits; she started making money by renting out two rooms of her small cottage to tourists. "I can now afford to send my son to the local school," Gurung told Khabar South Asia.

Kolkata resident Kuntala Ghosh, 58, who stayed with a Chuikhim host, was elated by the experience. "This trip was nothing like any other in the hills. The homestay did not have any of the usual tourist trappings. The facilities may not be luxurious, but one feels in unity with nature here. And the hosts treated us as family."

Chuikhim's oldest resident, 90-year-old Bindramayee Chhetri, says she has finally seen change in the village. "For a long time, nothing seemed to change since the time I came here from Nepal as a 14-year-old bride," Chhetri told Khabar. "Now, thanks to the tourists, things are looking up."

Homestays an economic engine

Exact government statistics on the number of homestays are unavailable. Help Tourism, the region's largest private tour operator, lists some 20 homestays in North Bengal and Sikkim. But in some areas, there are 10 unofficial homestays per village.

Pawan Chamling, chief minister of Sikkim, said that the state aims to have 20 homestays in every village. The government is also training five youths from each village to be self-employed in tourism through homestays, he said.

To be sure, vegetable and poultry farming is the primary livelihood of most villagers in these areas, but homestays promote community-based, low-impact tourism that provides economic opportunity. Homestays also grow the economy without endangering the environment.

The entire belt of Darjeeling-Kalimpong-Sikkim is dotted with homestays provided by Tibetan, Lepcha, Bhutia and Sherpa families. Tourists can experience the rich cultural heritage of the hill people, the serene beauty of the Himalayas and picturesque cottages covered with orchids, magnolias and rhododendrons.

Guest house in Tinchuley

Throughout the year, the Gurung Guest House in Tinchuley, near the small town of Takdah, attracts a stream of tourists from the plains. The Gurung family built the guest house next to their family home, using the logs of aged pine trees.

Led by matriarch Sanu Gurung, 60, two generations of the family welcome guests with the traditional scarf, khada, and see them off when they leave – sometimes with tears in their eyes.

"Ours is not really a hotel," Gurung, also the postmaster at the local post office, told Khabar. "We want our guests to remember us as family and return to us again and again."

The entire Gurung family looks after the guests, feeding them home-cooked organic food, taking them on short treks through the forests and entertaining them with music in the evenings. The family has its own apple orchard, vegetable patch, poultry pen and a small tea garden. They employ villagers to make apple jelly and tamarind pickle, which is served to guests at the meals.

"We hardly need to buy any of the food items that we serve," said Dipen Gurung, her brother. The Guest House also has a small store selling souvenirs like locally made cookies, candies and small sachets of tea leaves.

Kolkata resident Kajal Choudhury, 70, who stayed at Gurung Guest House in 2011, cherishes the memory. "They even gifted us locally made cookies at the end of our stay," Choudhury said.

On Maternity Leave, Mary Kom Awaits Biopic On Her Life

New Delhi, Jul 22 : Blessed with a third child, five-time world champion and Olympic medallist boxer M C Mary Kom is taking a one-year sabbatical from the ring while eagerly awaiting the release of a much-hyped biopic on her life starring Priyanka Chopra.

“I am taking a break. For the next six months, I won’t be training, after that I will start light training and get back to competitive fitness,” Mary Kom said while talking to PTI from Manipur.

“The entire process will take a year and I can afford that because there is no major international event lined up for the next 12 months at least,” explained the 30-year-old, who is a record five-time world champion.

“It’s the same route that I took the last time I became a mother,” added Mary referring to the twin boys — Rechungvar and Khupneivar — she gave birth to in 2007. The newest member in the family has been named Prince. Interestingly, she had gone on to become a world champion for the fourth time after her previous sabbatical.

The London Olympics bronze-medallist said her detractors might be talking about her hanging up the gloves after achieving almost everything that is there to be achieved, but she still has unfinished business in the ring.

Mary Kom thinks Priyanka Chopra is the right choice to play her on the big screen. Reuters

“I could not get a gold in the Olympics. If the 48kg division is added for the 2016 Rio Olympics, then I would definitely give it a shot,” she said. “People do talk about what is the motivation to continue after achieving so much but they cannot understand that this is what I love the most and will do it till the time my body allows,” she added.

Away from the ring, she is excited about the biopic being made on her life, which has National Award-winning actor Priyanka Chopra portraying her on screen. “I was first told about the idea of a film on me during the London Olympics and my first reaction was that ‘it’s a joke’. But now that it is being made, I am very excited and happy about it,” she said.

“As a Manipuri, I am very proud to be the first from my region on whom a Bollywood film is being made.”

Asked if she considers Chopra, who is not from the north-east, the right choice depicting her life, Mary said, “Absolutely, she is the right choice. The Director (Omang Kumar) knows best and he has the experience to decide the right person for the role. I personally feel Priyanka is the correct choice. She is very sweet, simple and kind,” Mary said of the actress, who recently visited her for two days as part of her preparations for the role.

“She visited my home town and got a feel of the life here. I hope she can translate it well on the screen. She was eager to know about me, my life and struggles, how I talk, she wanted to know everything,” recalled Mary.

But has she seen any of Chopra’s long list of movies? “Oh yes! I have seen most of them and I appreciate her talent. She is a good actor. When I met her, I realised we had similar upbringings and tastes,” opined the diminutive boxer.

Talking of biopics, Mary was glad to see the legendary Milkha Singh’s life coming on the silver screen recently in ‘Bhaag Milkha Bhaag’. “That guy, Farhan Akhtar (the film’s lead) actually looks like Milkha. I was amazed,” she said.

Centre For More Powers To Northeast Autonomous Councils

Agartala, Jul 22 : The central government is mulling delegating more powers to the autonomous district councils in the country's northeast region, a senior Congress leader said Friday.

"The United Progressive Alliance government has been considering the idea of amending the sixth schedule of the constitution to give more powers to the autonomous district councils of the northeastern region," Leader of Opposition in the Tripura assembly Ratan Lal Nath told reporters here.

Earlier this week, Nath led a five-member delegation from Tripura to meet Home Minister Sushilkumar Shinde in the national capital.

"Shinde told us that the central government sought opinion from the northeastern states in December last year on the proposed empowerment of the autonomous district councils," the senior Congress leader said.

However, he added that most of the northeastern states "except Left Front-ruled Tripura" have given their views on the issue to the central government.

The centre has proposed forming three-tier village councils and nagar panchayats under the autonomous district councils, he said.

Among the delegates from Tripura who met the home minister was Indigenous Nationalist Party of Tripura (INPT) president Bijay Kumar Hrangkhawal.

INPT, an ally of the Congress in Tripura, has been demanding governance of higher education up to college-level and control of land-related issues by the Tripura Tribal Areas Autonomous District Council (TTAADC).

Tripura Tribal Welfare Minister Aghore Debbarma said the government has finalised its opinion on the empowerment of the autonomous district councils and it would soon be communicated to the central government.

"The Left Front has given more powers to the TTAADC and held regular elections in the council. Several departments including education, forest, agriculture and health, have already been handed over to the TTAADC," Debbarma said.

The TTAADC, which facilitates the socio-economic development of tribals and has jurisdiction over two-thirds of the state's geographical area, was set up in 1985. Tribals form a third of Tripura's 3.7 million people.

There are 16 autonomous district councils (ADCs) in northeast India, facilitating the rights of governance to the local bodies by the tribals, who constitute 27 percent of the region's 40.55 million people.

Of the 16 autonomous councils, six are in Manipur, three each in Assam, Meghalaya and Mizoram, and one in Tripura.

SIM Cards Have Finally Been Hacked

By Parmy Olson

Security researcher Karsten Nohl says some SIM cards can be compromised because of wrongly configured Java Card software and weak encryption keys. (Photo credit: Luca Melette)

Smartphones are susceptible to malware and carriers have enabled NSA snooping, but the prevailing wisdom has it there’s still one part of your mobile phone that remains safe and un-hackable: your SIM card.

Yet after three years of research, German cryptographer Karsten Nohl claims to have finally found encryption and software flaws that could affect millions of SIM cards, and open up another route on mobile phones for surveillance and fraud.

Nohl, who will be presenting his findings at the Black Hat security conference in Las Vegas on July 31, says his is the first hack of its kind in a decade, and comes after he and his team tested close to 1,000 SIM cards for vulnerabilities, which are exploited by simply sending a hidden SMS. The two-part flaw, based on an old security standard and badly configured code, could allow hackers to remotely infect a SIM with a virus that sends premium text messages (draining a mobile phone bill), surreptitiously re-direct and record calls, and — with the right combination of bugs — carry out payment system fraud.

Payment fraud could be a particular problem for mobile phone users in Africa, where SIM-card based payments are widespread. The deployment of so-called NFC payment technology, already slow to take off, could also be at risk, Nohl says, as well as the ability for carriers to track charges to each caller’s account.

There’s no obvious pattern to the flaw beyond the premise of an older encryption standard. “Different shipments of SIM cards either have [the bug] or not,” says Nohl, who is chief scientist at risk management firm Security Research Labs. “It’s very random.”

In his study, Nohl says just under a quarter of all the SIM cards he tested could be hacked, but given that encryption standards vary widely between countries, he estimates an eighth of the world’s SIM cards could be vulnerable, or about half a billion mobile devices.

Nohl, who was profiled by Forbes’ Andy Greenberg in 2011 for his work on breaking mobile encryption standards, believes it unlikely that cyber criminals have already found the bug. Now that word of the vulnerability is out, he expects it would take them at least six months to crack it, by which time the wireless industry will have implemented available fixes.

That effort may already be underway. Nohl says at least two large carriers have already tasked their staff with finding a patch for the SIM vulnerability, which they will share with other operators through the wireless trade body GSMA.

“Companies are surprisingly open to the idea of working cooperatively on security topics because the competition is somewhere else,” says Nohl. “The competition is organized crime, not AT&T versus T-Mobile.” (The situation is similar in finance, where payment services like MasterCard, Visa, and American Express will work together under industry association EMVco to improve security standards for smart cards.)

The market for SIMs is almost entirely fed by mobile carriers, and supplied by two leading global vendors, Gemalto and Oberthur Technologies. Both have profited heavily from the huge growth in mobile handsets: two years ago there were 1 billion SIM cards worldwide, and today there are more than 5 billion, says ABI Research analyst John Devlin, though the market is slowly reaching a plateau. SIMs are thought to be one of the most secure parts of a phone, he added, and as the carrier’s property, are “key to their relationship between you and I, the subscriber.”

Vodafone would not answer questions about the level of encryption its SIM cards used, and referred all media questions to GSMA. Both Verizon and AT&T said they knew of Nohl’s research, but said their SIM profiles were not vulnerable to the flaw. AT&T added that it had used SIMs with the triple Data Encryption Standard (3DES) for almost a decade; Verizon did not specify why its SIMs were not vulnerable.

The London-based GSMA said it had looked at Nohl’s analysis and concurred that “a minority of SIMs produced against older standards could be vulnerable.” It said it had already provided guidance to network operators and SIM vendors who could be impacted by the flaw. “There is no evidence to suggest that today’s more secure SIMs, which are used to support a range of advanced services, will be affected,” a spokesperson added.


Nohl says that while AT&T and Verizon may benefit from robust SIM encryption standards, other carriers will use the plain Data Encryption Standard (DES), a cipher developed in the 1970s, which is fundamental to why he was able to “get root” on dozens of SIM cards.

“Give me any phone number and there is some chance I will, a few minutes later, be able to remotely control this SIM card and even make a copy of it,” Nohl says.

SIM cards are essentially mini-computers with their own operating system and pre-installed software. To maintain security, many rely on a cryptographic standard called DES (Data Encryption Standard), which was invented by IBM in the 1970s and improved by the NSA. Some networks, like AT&T and the four major carriers in Germany, have moved away from using the old version of the standard, but others have not. Though Nohl didn’t identify a pattern to vulnerable SIMs in terms of manufacturers, the ones he could hack all used the old encryption standard.

Key to the hack is Java Card, a general purpose programming language used on 6 billion SIM cards. If operators need to update something on your SIM, for instance allowing interoperability with a carrier in another country, they will execute the right Java Card programs on your SIM by sending your mobile a binary SMS. This is a text message you will never see, sent through a method called over-the-air programming (OTA).

In early 2011, Nohl’s team started toying with the OTA protocol and noticed that when they used it to send commands to several SIM cards, some would refuse the command due to an incorrect cryptographic signature, while a few of those would also put a cryptographic signature on this error message.

With that signature, and using a well-known cryptographic method called rainbow tables, Nohl was able to crack the encryption key on the SIM card in about one minute. Carriers use this key to remotely program a SIM, and it is unique to each card.

“Anybody who learns the key of a particular SIM can load any application on the SIM he wants, including malicious code,” says Jasper Van Woudenberg, CTO North America of smart-card security firm Riscure.

“We had almost given up on the idea of breaking the most widely deployed use of standard cryptography,” says Nohl, but it felt “great” to finally gain control of a SIM after many months of unsuccessful testing.

With the all-important (and till-now elusive) encryption key, Nohl could download a virus onto the SIM card that could send premium text messages, collect location data, make premium calls or re-route calls. A malicious hacker could eavesdrop on calls, albeit with the SIM owner probably noticing some suspiciously-slow connections.

Nohl found a second bug. Unrelated to the weak encryption key, it allows even deeper hacking on SIMs and is caused, Nohl says, by a mistake on the part of SIM card manufacturers. Java Card uses a concept called sandboxing, in which pre-installed programs like a Visa or PayPal app are shielded from one another and the rest of the SIM card. The term comes from the idea of only allowing programs to “play with their own toys, in their own sandbox,” says Nohl. “This sandboxing mechanism is broken in the most widely-used SIM cards.” The researcher says he found a few instances where the protocols on the SIM card allowed the virus he had sent to a SIM, to check the files of a payment app that was also installed on the card.

The way this works is somewhat complex, but Nohl’s virus essentially gave the infected Java software a command it could not understand or complete – e.g., asking for the 12th item in a 10-item list, leading the software to forgo basic security checks and granting the virus full memory access, or “root,” in cyber security parlance.

In sum, a malicious hacker who wanted to use this method might start with a list of 100 phones. They could send a binary SMS to all of them, using a programmable cell phone connected to a computer. They might get 25 responses with cryptographic signatures, and dismiss the half that use a stronger security standard. From the rest, Nohl surmises they could crack the encryption key of perhaps 13 SIM cards, and send them a virus that breaks through the Java Card sandbox barriers and reads payment app details, as well as the master key of the SIM card.

Who’s to blame for this and who can fix it? Nohl says broken Java sandboxing is a shortcoming of leading SIM card vendors like Gemalto and Oberthur. Riscure’s Van Woudenberg agrees.

Gemalto, which made about half its $2.5 billion revenue in 2012 selling SIM cards, said in an email to Forbes that its SIMs were “consistent with state-of-the-art and applicable security guidelines,” and that it had been working closely with GSMA and other industry bodies to look into Nohl’s research. Gemalto’s CEO Olivier Piou has said publicly that there are no security issues with mobile payments, and his company says on its website that SIM cards are “virtually impossible to crack.”

Despite this, Nohl believes badly-configured Java Card sandboxing “affects every operator who uses cards from two main vendors,” including carriers like AT&T and Verizon who use robust encryption standards. Are SIM cards with these 3DES standards vulnerable? Nohl suggests they might be, and that he’ll expound on the details at Black Hat.

At minimum, it seems that carriers should upgrade to newer encryption quickly, not just for the safety of their subscribers, but for future revenue too. Payment providers like MasterCard and Visa will need to use the OTA protocol to fill SIM cards with Java applications, like credit card applets, and enable NFC-based payments on phones in the future — and they’ll pay carriers for the privilege of being on the SIM. “Operators see this as valuable real estate,” says Nohl, referring to this OTA communication channel. Leaving aside what this means for consumer privacy, Nohl’s findings may leave some carriers grappling with new questions over the security (and value) of this real estate.

“Carriers and SIM card manufacturers do need to step up their security game for when payments arrive,” says Van Woudenberg. Banks are slow and cautious with new technology as they wait for it to be proven secure, he adds, but “the mobile world moves much faster, as time-to-market is for them more important.”

As mobile payments bring these two worlds together, Nohl’s research has shown the process of proving out security on SIMs could be more challenging than the key players originally thought.