The Secret Life of SIM Cards

A SIM, or subscriber identity module, is essential to mobile
communication. It is a microchip (an electronic circuit) that stores
the IMSI and other authentication and identification codes. The
foremost purpose of a SIM is to identify its owner on the mobile
communication network; it also carries network signals that can be
hacked to control a mobile phone. How to hack into a SIM card is not
the primary objective of this article; however, we will study the
structure of a SIM and the exploitation process.

In their DEF CON 21 talk, Karl Koscher and Eric Butler presented
their research and understanding of this topic. The following is the
abstract of what was discussed there:


SIM cards can do more than just authenticate your phone with your
carrier. Small apps can be installed and run directly on the SIM
separate from and without knowledge of the phone OS. Although SIM
Applications are common in many parts of the world, they are mostly
unknown in the U.S. and the closed nature of the ecosystem makes it
difficult for hobbyists to find information and experiment.

This talk, based on our experience building SIM apps for the
Toorcamp GSM network, explains what (U)SIM Toolkit Applications are,
how they work, and how to develop them. We will explain the various
pieces of technology involved, including the Java Card standard,
which lets you write smart card applications using a subset of Java,
and the GlobalPlatform standard, which is used to load and manage
applications on a card. We will also talk about how these
applications can be silently loaded, updated, and interacted with
remotely over-the-air.


Source: DEF CON 21

Ehacking Staff