Dailydave mailing list archives

Re: Seeking more info on: Devastating mobile attack under spotlight


From: Nicolas RUFF <nruff () security-labs org>
Date: Mon, 27 Nov 2006 19:05:39 +0100

I am looking for some opinions or more info on this SMS reprogramming
attack. If anyone has any more info I would appreciate it.

Unfortunately, I feel this could be true. I am no SIM card expert, but
from what I've read in various books[*]:

- Modern SIM cards are JavaCards, meaning that they embed Java applets.
This is totally unrelated to the phone capabilities (i.e. your phone
does not have to be able to run Java applets).

And the upcoming MegaSIMs do have AES encryption and 1 GB of Flash
memory – they are full-fledged computer systems.
http://www.m-systems.com/site/en-US/Products/MegaSIM/MegaSIM

- "Over The Air" (OTA) update of Java applets is possible. There is a
"secret" password which for some manufacturers is the same across the
whole product line.
http://www.gemplus.com/techno/ota/

- The message does not have to fit a single SMS - if it is over 160
bytes it will be split into multiple messages.

- The SIM card has some sort of "boot" capability, meaning that it can
dynamically modify the phone configuration at boot time (e.g. add some
service icons).

In the end, I would take this very seriously...

[*] Some readings on SIM cards for French eyes only:
http://www.dunod.com/pages/ouvrages/ficheauteurs.asp?id=44685&auteur=5187

Regards,
- Nicolas RUFF
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave
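The third bullet above notes that a long OTA message is split across several SMS segments. As an added example (not from the post or from any vendor), here is a small Python reassembler of the kind a defender could run over a gateway log: it parses the User Data Header, joins concatenated segments in any arrival order, and flags messages whose TP-PID or TP-DCS message class would route them to the SIM rather than to the display. The segment records, the reference 0x2A and the payload text are constructed sample data.

```python
# Added example, not from the post. Segments are a constructed simplification:
# (TP-PID, TP-DCS, user data starting with a User Data Header).
CONCAT_8BIT = 0x00            # UDH information element: 8-bit reference concatenation
PID_SIM_DATA_DOWNLOAD = 0x7F  # TP-PID meaning "deliver to the SIM"

def parse_udh(user_data: bytes):
    """Split user data into ({iei: data}, payload) using its User Data Header."""
    udhl = user_data[0]
    hdr, pos, ies = user_data[1:1 + udhl], 0, {}
    while pos + 2 <= len(hdr):
        iei, iedl = hdr[pos], hdr[pos + 1]
        ies[iei] = hdr[pos + 2:pos + 2 + iedl]
        pos += 2 + iedl
    return ies, user_data[1 + udhl:]

def is_sim_bound(pid: int, dcs: int) -> bool:
    """True for the SIM Data Download PID or message class 2 in the TP-DCS."""
    has_class = (dcs >> 6) == 0 and dcs & 0x10 or (dcs >> 4) == 0xF
    return pid == PID_SIM_DATA_DOWNLOAD or (bool(has_class) and dcs & 0x03 == 0x02)

def reassemble(segments):
    """Join segments by concatenation reference (any arrival order); a lone
    segment is keyed ("single", index). Returns {key: (sim_bound, payload)}."""
    parts, flags, done = {}, {}, {}
    for i, (pid, dcs, ud) in enumerate(segments):
        ies, payload = parse_udh(ud)
        ie = ies.get(CONCAT_8BIT)
        ref, total, seq = tuple(ie) if ie and len(ie) == 3 else (("single", i), 1, 1)
        parts.setdefault(ref, {})[seq] = payload
        flags[ref] = flags.get(ref, False) or is_sim_bound(pid, dcs)
        if len(parts[ref]) == total:   # every piece seen: emit in sequence order
            done[ref] = (flags[ref], b"".join(parts[ref][n] for n in range(1, total + 1)))
    return done

def udh_concat(ref, total, seq):
    """Build a UDH carrying one 8-bit-reference concatenation element."""
    return bytes([0x05, CONCAT_8BIT, 0x03, ref, total, seq])

# Constructed sample: a two-part class-2 binary message arriving out of
# order, plus an ordinary text message with an empty UDH.
SEGMENTS = [
    (0x7F, 0xF6, udh_concat(0x2A, 2, 2) + b"second-half"),
    (0x00, 0x00, b"\x00hello"),
    (0x7F, 0xF6, udh_concat(0x2A, 2, 1) + b"first-half-"),
]
```

Only the 8-bit reference concatenation element (IEI 0x00) is handled here; the 16-bit variant (IEI 0x08) has the same layout with a two-byte reference.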