Friday, April 25, 2008

Looking back at the future of SIM in 2002

Looking back at the future of SIM in 2002
.
I have always thought looking to the future is important, but equally looking back at what we know or think might be happening, from an historical perspective, can help see what problems can occur in the future and also to note whether foreseeable problems have been addressed or not, over time.
.
I have selected a summary of issues discussed in training back in 2002, which are set out in the downloadable .pdf document "SIM - The Future as Viewed in 2002".
.
.
For example, did you know or remember the slow down in SIM Card manufacturing in 2001? This is hard to believe when we think about the saturation levels of SIMs and handsets in the marketplace today.
.
What about SIM Application Toolkits, applets and the exciting development of Java Standard Edition for mobile phones (KJava and PJava)? Our concerns then were how these advancements were going to impact on mobile telephone and SIM examination. Remember at that time we saw problems and tried to anticipate how to combat problems, but we had no immediate solutions which invariable had to be produced in some instance "on-the-hoof", so to speak.
.
Cloning of SIM Cards had raised its head back in 1998 and devices were starting to appear on the market in 2000/01. The problems we faced then was knowing what to look for to deternmine whether a SIM was cloned or not? And then if the SIM was a clone what impact on evidence could/would it have?
.
What about SIM Cards with multiple IMSIs? Still an issue today as it was then in 2002. The problem being is that SIM readers do not have the capability to read more than one IMSI from a SIM Card at any one time. Consequently, invocation of an IMSI selection in EF-7F20 6F07 is not possible other than the SIM being placed in the handset and another IMSI being selected using the handset menu Network selection. Moreover, once that has been done the green button on the handset needs to be pushed and a location update (and an IMSI-attach) to the network is required, which cannot be performed in a faraday bag, radio dampening field or isolation chamber. The question arises when do you search for more than one IMSI recorded into a SIM? What cases warrant it? How many cases have been missed in the past where more than one IMSI resided in SIM but has gone undetected? Put simply, when should allocution take place?
.
There were a huge range of issues to be addressed then in early 2000, as there are now. When reading these brief discussion documents representing issues spoken about on my training courses, I hope they convey the message that plug and play (PnP) or universal plug and play (UPnP) systems used to extract and harvest data are simply not enough to satisfy the requirements for mobile telephone examination.