The Secret Life of SIM Cards

SIM or subscriber identity module is
essential in mobile communication, SIM is a microchip or an
electronic circuit that stores IMSI and other authentication and
identification code. The foremost objective of SIM is to give the
identification of its owner in the mobile communication network, it
also carries the network signals that can hacked to control a mobile
phone. How to hack into a SIM card is not the primary objective of
this article, however we will study the structure of a SIM and
exploitation process.

At DEFCON 21 talk, Karl Koscher and
Eric Butler have presented their research and understanding
regarding the said topic. Following is the abstract of what’s
discussed there:

Abstract

SIM cards can do more than just authenticate your phone with your
carrier. Small apps can be installed and run directly on the SIM
separate from and without knowledge of the phone OS. Although SIM
Applications are common in many parts of the world, they are mostly
unknown in the U.S. and the closed nature of the ecosystem makes it
difficult for hobbyists to find information and experiment.

 This talk, based on our experience building SIM apps for the
Toorcamp GSM network, explains what (U)SIM Toolkit Applications are,
how they work, and how to develop them. We will explain the various
pieces of technology involved, including the Java Card standard,
which lets you write smart card applications using a subset of Java,
and the GlobalPlatform standard, which is used to load and manage
applications on a card. We will also talk about how these
applications can be silently loaded, updated, and interacted with
remotely over-the-air.

Presentation


Source, defcon 21

Ehacking Staff
With more than 50 global partners, we are proud to count the world’s leading cybersecurity training provider. EH Academy is the brainchild of Ehacking, which has been involved in the field of training since the past Five years and continues to help in creating professional IT experts.

Most Popular

Blind SQL Injection Tutorial to Hack a Website

In the previous article, we have the basics of SQL Injection; what SQLi is and what are the types of SQL injection. And, In...

What is SQL Injection? Tutorial: Type and Example

What is SQL injection, and what are the types of SQL injection? These are the common questions, and we will seek the answer to...

Are Cisco 300-410 Exam and Its Related Certification Your Pathway to Career Success? Find Out about This

Introduction Career success can mean different things to different people. For some, it could mean having a prestigious title and for others, it could be...

How to Hack Windows 10 Password Using FakeLogonScreen in Kali Linux

This article demonstrates an in-depth guide on how to hack Windows 10 Passwords using FakeLogonScreen. Hacking Windows 10 password is an exciting topic and...