Penetration Testing mailing list archives

Re: Questions on GSM Penetration test


From: Martin Tomasek <mtd () mk cvut cz>
Date: Sat, 26 Jan 2002 22:47:20 +0100

I've seen schematics of such a device (smartcard reader) and a program for PC.

The author claimed that it took about 1/2 hour on a P100/32MB
(due to limited smartcard bandwidth :)
to determine the constant stored in the SIM, which he then used for SIM
simulation. You only need to know the PIN. (And as I remember, there are
methods for old smartcards to determine the PIN :-)

On Sat, Jan 26, 2002 at 09:16:02AM -0500, M Lister wrote:
2. You can copy a sim card.

Please forgive me if this sounds naive, but I was under a *STRONG*
impression that it is practically impossible to copy a smart card. [Isn't
that what is used as a SIM card?] From the little that I know of smart
cards, security is their forte. I know absolute security is an unknown
concept, but still, copying a smart card, wouldn't that be too
difficult? Wouldn't the cost involved in doing so probably be more than
the benefits?

A smart card can deny access to certain memory regions based on how it is
programmed. A card that has crappy programming can be exploited, but would
this statement of yours always be true? If yes, I would love a small
explanation.

-- 
Martin Tomasek
mtd () email cz
