Penetration Testing mailing list archives
Re: Questions on GSM Penetration test
From: Martin Tomasek <mtd () mk cvut cz>
Date: Sat, 26 Jan 2002 22:47:20 +0100
I've seen schematics of such device (smartcard reader) and a program for PC. Author claimed that it tooks about 1/2 hour on P100/32MB (due to limited smartcard bandwith :) to determine constant, stored in sim which he then used for sim simulation. You only need to know pin. (And as I remember, there are methods for old smartcards to determine pin :-) On Sat, Jan 26, 2002 at 09:16:02AM -0500, M Lister wrote:
2. You can copy a sim card.Please forgive me if this sounds naive, but I was under a *STRONG* impression that it is practically impossible to copy a smart card. [Isnt that what is used as a SIM card]. From the little that I know of smart cards, security is their forte. I know absolute security is an unknown concept but still copying a smart card, wouldnt that be too difficult?? Wouldnt the cost involved in doing so probably be more than the benefits? A smart card can deny access to certain memory regions based on how it is programmed. A card that has crappy programming can be exploited, but would this statement of yours always be true. If yes, I would love a small explanation.
-- Martin Tomasek mtd () email cz ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- Detecting if SecureIIS from Eeye is installed Sacha Faust (Jan 22)
- Re: Detecting if SecureIIS from Eeye is installed Ryan Permeh (Jan 23)
- Questions on GSM Penetration test ricci_ieong (Jan 24)
- Re: Questions on GSM Penetration test Tom Buelens (Jan 25)
- Re: Questions on GSM Penetration test M Lister (Jan 26)
- Re: Questions on GSM Penetration test Tom Buelens (Jan 27)
- Re: Questions on GSM Penetration test M Lister (Jan 27)
- Re: Questions on GSM Penetration test Tom Buelens (Jan 27)
- RE: Questions on GSM Penetration test Fernando Cardoso (Jan 28)
- Re: Questions on GSM Penetration test Wouter Slegers (Jan 31)
- Questions on GSM Penetration test ricci_ieong (Jan 24)
- Re: Detecting if SecureIIS from Eeye is installed Ryan Permeh (Jan 23)
- Re: Questions on GSM Penetration test Martin Tomasek (Jan 27)
- Re: Questions on GSM Penetration test John Adams (Jan 28)
- Message not available
- Re: Questions on GSM Penetration test Emmanuel Gadaix (Jan 27)