Re: [Dailydave] Seeking more info on: Devastating mobile attack under spotlight
From: Nicolas RUFF (nruff security-labs.org)
Date: Mon Nov 27 2006 - 12:05:39 CST
> I am looking for some opinions or more info on this SMS reprogramming
> attack. If anyone has any more info I would appreciate it.
Unfortunately, I feel this could be true. I am no SIM card expert, but
from what I've read in various books[*]:
- Modern SIM cards are JavaCards, meaning that they embed Java applets.
This is totally unrelated to the phone capabilities (i.e. your phone
does not have to be able to run Java applets).
And the upcoming MegaSIMs do have AES encryption and 1 GB of Flash
memory – they are full-fledged computer systems.
http://www.m-systems.com/site/en-US/Products/MegaSIM/MegaSIM
- "Over The Air" (OTA) update of Java applets is possible. There is a
"secret" password which for some manufacturers is the same across the
whole product line.
http://www.gemplus.com/techno/ota/
- The message does not have to fit in a single SMS - if it is over 160
bytes it will be split into multiple messages.
- The SIM card has some sort of "boot" capability, meaning that it can
dynamically modify the phone configuration at boot time (e.g. add some
service icons).
In the end, I would take this very seriously...
[*] Some readings on SIM cards for French eyes only:
http://www.dunod.com/pages/ouvrages/ficheauteurs.asp?id=44685&auteur=5187
Regards,
- Nicolas RUFF
_______________________________________________
Dailydave mailing list
Dailydave
lists.immunitysec.com
http://lists.immunitysec.com/mailman/listinfo/dailydave
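
An added example, not part of the original message: a sketch of how a monitoring tool could reassemble multi-part SMS and flag messages carrying the SIM data download protocol identifier used for OTA updates. The TP-PID value 0x7F and the concatenation header layout come from 3GPP TS 23.040, not from this post; the input tuple format is an assumption, and the sender numbers and payloads are constructed placeholders.

```python
from collections import defaultdict

PID_SIM_DATA_DOWNLOAD = 0x7F  # TP-PID "(U)SIM Data download", 3GPP TS 23.040

def split_udh(user_data):
    """Split user data that starts with a User Data Header (TP-UDHI set).
    Returns ((ref, total, seq) or None, payload)."""
    if not user_data or len(user_data) < 1 + user_data[0]:
        raise ValueError("truncated user data header")
    udhl = user_data[0]
    header, payload = user_data[1:1 + udhl], user_data[1 + udhl:]
    concat, i = None, 0
    while i < len(header):
        if i + 2 > len(header) or i + 2 + header[i + 1] > len(header):
            raise ValueError("truncated information element")
        iei, iedl = header[i], header[i + 1]
        data = header[i + 2:i + 2 + iedl]
        if iei == 0x00 and iedl == 3:    # concatenation, 8-bit reference
            concat = (data[0], data[1], data[2])
        elif iei == 0x08 and iedl == 4:  # concatenation, 16-bit reference
            concat = (int.from_bytes(data[:2], "big"), data[2], data[3])
        i += 2 + iedl
    return concat, payload

def reassemble(messages):
    """messages: (sender, tp_pid, user_data) tuples in arrival order (assumed format).
    Returns complete messages only; incomplete groups are held back."""
    groups, done = defaultdict(dict), []
    def emit(sender, pid, payload):
        done.append({"sender": sender, "payload": payload,
                     "sim_download": pid == PID_SIM_DATA_DOWNLOAD})
    for sender, pid, ud in messages:
        concat, payload = split_udh(ud)
        if concat is None:
            emit(sender, pid, payload)
            continue
        ref, total, seq = concat
        if not 1 <= seq <= total:
            continue  # malformed part numbering: drop the part
        parts = groups[(sender, pid, ref, total)]
        parts.setdefault(seq, payload)  # a duplicate part does not overwrite
        if len(parts) == total:
            emit(sender, pid, b"".join(parts[n] for n in range(1, total + 1)))
            del groups[(sender, pid, ref, total)]
    return done

# Constructed sample: parts arrive out of order; the third message never completes.
SAMPLE = [
    ("+10000000001", 0x7F, bytes([5, 0, 3, 0x2A, 2, 2]) + b"PART-TWO"),
    ("+10000000001", 0x7F, bytes([5, 0, 3, 0x2A, 2, 1]) + b"PART-ONE|"),
    ("+10000000002", 0x00, bytes([5, 0, 3, 0x07, 3, 1]) + b"hello"),
]
```

Calling `reassemble(SAMPLE)` returns the one complete message, flagged as a SIM data download, and holds back the incomplete three-part message.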