On the 19th July 2013 I posted http://trewmte.blogspot.co.uk/2013/07/android-ddms-vulnerability.html about known exploits and understanding the originality and genuineness of a handset and (U)SIM card.
On the 22nd July, Karsten Nohl released details of an exploit affecting older SIM cards (no specifics as yet) that rely on DES for their security. According to the report, the exploit caused the card to return an 'error code that contained the device's cryptographic signature, a 56-bit private key. It was then possible to decrypt the key using common cracking techniques.'
http://www.theinquirer.net/inquirer/news/2283935/sim-card-encryption-exploit-leaves-mobile-phone-users-vulnerable-to-hacking
Importantly, the article goes on to identify the further exploits that become possible once someone is in possession of the decrypted key.
What isn't clear is whether the exploit leads to a cloned SIM card operating live on the same network at the same time, and whether the network's detection techniques fail to pick that up. By detection I mean not merely detecting the duplicate (VLR/HLR) but taking decisive action, such as tearing down calls, blocking, suspending the IMSI subscriber, and so on.
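The kind of HLR-side check the question above is asking for, written as an added example (not code from the original post or from any operator's system): it parses a constructed log of location updates, flags any IMSI that registers at two different VLRs within a window too short to be plausible travel, and maps each hit to the actions listed above. The VLR names, the 20-minute threshold, the IMSIs (test-network MCC 001) and the action labels are all assumptions for illustration.

```python
"""Detect an IMSI that appears to be active in two places at once.

Added example, not part of the original post. Models the HLR-side check
the post asks about: two location updates for the same IMSI from
different VLRs inside a window too short to be plausible travel.
All records below are constructed sample data; VLR names, the travel
threshold, the IMSIs and the action labels are assumptions.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed location-update log, one record per line: "timestamp IMSI VLR".
# IMSIs use test-network MCC 001 / MNC 01 so they match no real subscriber.
SAMPLE_LOG = """\
2013-07-22T10:00:00 001010000000001 VLR-LONDON
2013-07-22T10:05:00 001010000000002 VLR-LONDON
2013-07-22T10:07:00 001010000000001 VLR-MANCHESTER
2013-07-22T10:30:00 001010000000002 VLR-LEEDS
2013-07-22T10:45:00 001010000000001 VLR-LONDON
"""

# Assumed policy: a VLR change for one IMSI inside this window cannot be
# legitimate travel, so treat it as a possible clone active in parallel.
MIN_TRAVEL = timedelta(minutes=20)

# Assumed action labels, following the post's list (call tear down,
# blocking, suspending the IMSI subscriber).
CLONE_ACTIONS = ["tear_down_active_calls", "block_imsi", "suspend_subscriber"]


@dataclass(frozen=True)
class LocationUpdate:
    ts: datetime
    imsi: str
    vlr: str


def parse_log(text):
    """Parse 'timestamp IMSI VLR' lines into LocationUpdate records."""
    updates = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, imsi, vlr = line.split()
        updates.append(LocationUpdate(datetime.fromisoformat(ts), imsi, vlr))
    return updates


def find_simultaneous_presence(updates, min_travel=MIN_TRAVEL):
    """Return (imsi, earlier, later) triples where one IMSI changed VLR
    faster than min_travel allows, i.e. looks present in two places."""
    by_imsi = defaultdict(list)
    for u in updates:
        by_imsi[u.imsi].append(u)
    alerts = []
    for imsi, seq in by_imsi.items():
        seq.sort(key=lambda u: u.ts)
        for prev, cur in zip(seq, seq[1:]):
            if cur.vlr != prev.vlr and cur.ts - prev.ts < min_travel:
                alerts.append((imsi, prev, cur))
    return alerts


def decide_actions(alerts):
    """Map each flagged IMSI to the decisive actions the post calls for."""
    return {imsi: list(CLONE_ACTIONS) for imsi, _prev, _cur in alerts}


if __name__ == "__main__":
    found = find_simultaneous_presence(parse_log(SAMPLE_LOG))
    for imsi, prev, cur in found:
        print(f"{imsi}: {prev.vlr} at {prev.ts} then {cur.vlr} at {cur.ts}")
    print(decide_actions(found))
```

On the constructed log only the first IMSI is flagged (London to Manchester in seven minutes); the second IMSI's move from London to Leeds takes 25 minutes and passes the assumed threshold. A real HLR would replace the fixed window with per-VLR distance and would need to distinguish legitimate fast handover near VLR boundaries from a genuine duplicate, which is exactly the gap the post is asking about.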
Articles:
http://www.theinquirer.net/inquirer/news/2283935/sim-card-encryption-exploit-leaves-mobile-phone-users-vulnerable-to-hacking
http://nakedsecurity.sophos.com/2013/07/22/rooting-sim-cards-blackhat-speaker-says-he-may-be-able-to-own-your-phone-with-a-text-message/
http://thehackernews.com/2013/07/sim-card-cloning-hack-affect-750.html
For some background research materials specific to the GSM SIM, covering Java applet support and updating the SIM over the air (OTA):
GSM 11.11 (SIM-ME interface)
GSM 11.13 (SIM API for Java Card, i.e. Java applets)
GSM 11.14 (SIM Application Toolkit, STK)