The Secret Life of SIM Cards

A SIM (subscriber identity module) is essential to mobile
communication. It is a microchip, or electronic circuit, that stores
the IMSI and other authentication and identification codes. The
foremost purpose of a SIM is to identify its owner to the mobile
communication network; it also carries network signals that can be
hacked to control a mobile phone. How to hack into a SIM card is not
the primary objective of this article; instead, we will study the
structure of a SIM and the exploitation process.

In a DEFCON 21 talk, Karl Koscher and Eric Butler presented their
research on this topic. The following is the abstract of their talk:

Abstract

SIM cards can do more than just authenticate your phone with your
carrier. Small apps can be installed and run directly on the SIM
separate from and without knowledge of the phone OS. Although SIM
Applications are common in many parts of the world, they are mostly
unknown in the U.S. and the closed nature of the ecosystem makes it
difficult for hobbyists to find information and experiment.

This talk, based on our experience building SIM apps for the
Toorcamp GSM network, explains what (U)SIM Toolkit Applications are,
how they work, and how to develop them. We will explain the various
pieces of technology involved, including the Java Card standard,
which lets you write smart card applications using a subset of Java,
and the GlobalPlatform standard, which is used to load and manage
applications on a card. We will also talk about how these
applications can be silently loaded, updated, and interacted with
remotely over-the-air.

Source: DEFCON 21

Ehacking Staff