BERLIN — If your identity has been stolen, your phone may have been an accomplice to the crime.

A German mobile security expert says he has found a flaw in the encryption technology used in some SIM cards, the chips in handsets, that could enable cyber criminals to take control of a person’s phone.

Karsten Nohl, founder of Security Research Labs in Berlin, said the encryption hole allowed outsiders to obtain a SIM card’s digital key, a 56-digit sequence that opens the chip up to modification. With that key in hand, Mr. Nohl said, he was able to send a virus to the SIM card through a text message, which let him eavesdrop on a caller, make purchases through mobile payment systems and even impersonate the phone’s owner.

He said he had managed the whole operation in about two minutes, using a simple personal computer. He estimates as many as 750 million phones may be vulnerable to attacks.

“We can remotely install software on a handset that operates completely independently from your phone,” Mr. Nohl said. “We can spy on you. We know your encryption keys for calls. We can read your S.M.S.’s. More than just spying, we can steal data from the SIM card, your mobile identity, and charge to your account.”