Penetration Testing mailing list archives
RE: Questions on GSM Penetration test
From: "Fernando Cardoso" <fernando.cardoso () whatevernet com>
Date: Mon, 28 Jan 2002 09:47:53 -0000
Marc Witteman gave a nice overview on methods to break smart cards security in the BlackHat Briefings Europe 2001. You can check his presentation on http://www.blackhat.com/presentations/bh-europe-01/marc-witteman/witteman.pp t. Cheers Fernando -- Fernando Cardoso - Security Consultant WhatEverNet Computing, S.A. Phone : +351 21 7994200 Praca de Alvalade, 6 - Piso 6 Fax : +351 21 7994242 1700-036 Lisboa - Portugal email : fernando.cardoso () whatevernet com http://www.whatevernet.com/
What would you mean by "peal off"? Would that be some kind of physical tampering? Most smart cards often have some kind of "Tamper Resistant Sealing". Also if you try to peal of the adhesive coating, you will most probably break the delicate fuse wire which most Smart Cardcompanies runin that adhesive coating, thereby making the whole smart-card completely useless."The Netherlands Organisation for Applied Scientific Research" has the tools for 'pealing' of the chip layer by layer (thus not the card). Again I do not know the exact technology they use but it is not just your ordenary knive and skrewdriver. More like elektron microscope and the likes. And I do not think they are the only ones on the planet who can. In this fase the are not interested in the working of the whole device as such. They just take the whole thing apart and 'write every thing down'. Later they reconstruct the device in simulators, like putting it in Orcad, and then the creative thinking process starts, I guess.
_____________________________________________________________________
INTERNET MAIL FOOTER
A presente mensagem pode conter informação considerada confidencial.
Se o receptor desta mensagem não for o destinatário indicado, fica
expressamente proibido de copiar ou endereçar a mensagem a terceiros.
Em tal situação, o receptor deverá destruir a presente mensagem e por
gentileza informar o emissor de tal facto.
---------------------------------------------------------------------
Privileged or confidential information may be contained in this
message. If you are not the addressee indicated in this message, you
may not copy or deliver this message to anyone. In such case, you
should destroy this message and kindly notify the sender by reply
email.
---------------------------------------------------------------------
----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
Current thread:
- Detecting if SecureIIS from Eeye is installed Sacha Faust (Jan 22)
- Re: Detecting if SecureIIS from Eeye is installed Ryan Permeh (Jan 23)
- Questions on GSM Penetration test ricci_ieong (Jan 24)
- Re: Questions on GSM Penetration test Tom Buelens (Jan 25)
- Re: Questions on GSM Penetration test M Lister (Jan 26)
- Re: Questions on GSM Penetration test Tom Buelens (Jan 27)
- Re: Questions on GSM Penetration test M Lister (Jan 27)
- Re: Questions on GSM Penetration test Tom Buelens (Jan 27)
- RE: Questions on GSM Penetration test Fernando Cardoso (Jan 28)
- Re: Questions on GSM Penetration test Wouter Slegers (Jan 31)
- Questions on GSM Penetration test ricci_ieong (Jan 24)
- Re: Detecting if SecureIIS from Eeye is installed Ryan Permeh (Jan 23)
- Re: Questions on GSM Penetration test Martin Tomasek (Jan 27)
- Re: Questions on GSM Penetration test John Adams (Jan 28)
- Message not available
- Re: Questions on GSM Penetration test Emmanuel Gadaix (Jan 27)