Hacker News new | past | comments | ask | show | jobs | submit login
Decap of a Cell Phone SIM card [video] (youtube.com)
129 points by mynameislegion on Oct 10, 2016 | hide | past | favorite | 17 comments



If you want to understand more about what the glitching protection is about Scanlime recently made a very good video where she grabs firmware from a drawing tablet using such an attack.

https://www.youtube.com/watch?v=TeCQatNcF20


sim cards are as capable as 80s computers and run the JVM.

http://www.extremetech.com/computing/161870-the-humble-sim-c...


If so, could obsolete SIM cards not be reused as embedded systems for free?


see defcon talk about them. it was hell to buy sim cards to do the shaddytel for torcamp.

basically, telcos make sure only them can update the code there. it's a computer running 24h, with full network and sensor access, that you carry everywhere, and you have zero control or visibility


Hmm so even if you can ever buy a secure phone you trust, you need to put another, completely opaque, computer into it to make it function (on cell networks anyway.)


I wonder if there’s any easy way to make a private GSM network so that we can see what data is actually passed between the SIM and the tower?


http://osmocom.org/projects/simtrace


There is, Osmocom/OpenBSC. IIRC they got 3G working in a fully FOSS stack.


http://osmocom.org/projects/openbsc


They have a private GSM network at the CCC conference in Hamburg every year. Sim cards go for 2 euros (or you bring the one from last year) and it allows you to call anyone anywhere for free (for the duration of the conference, and you need to get a signal from the conference building of course). No GPRS or anything like that though.


But the SIM card can't actively do anything to your stuff, can it? It has to defend itself from you, not the other way around.


There was a talk on blackhat or defcon about the abilities of these controllers, running mini java applications and other cool things. I remember it being said finding necessary SDK's were very difficult and sometimes secretive. Makes me wonder.


> mini java applications

They say Java but it's basically C++. It's Java without strings and I'm not even sure it has normal 32-bit signed integers (heard somewhere that they didn't, but I can't find it right now). It's called Java Card by the way.


That is a very well-made video.

Like the video creator, I'm very surprised the humble SIM card has been made so capable!


Honest question, why there is a need for a ARM based processor on that SIM card? AFAIK, the role of the SIM is to securely store all kind of IDs and PINs and contacts.

I am quite sure that my first SIM card, 20 years ago, didn't have such setup and worked, quite the same.


It sure did have such setup.

SIM cards can have micro applications that get exposed via the "SIM Services" menu entry or something similar named.

That is how before the WAP days, the carriers used to offer SMS based applications.


You want compute in your SIM card, because you don't want to expose the actual secrets to the phone.

Same thing with (modern) credit cards: you can send a transaction and a PIN code, and get a signed transaction in return, but you can't fetch the keys and sign arbitrary transactions afterwards.




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: