The secret life of SIM cards (2013) - cthackers
http://simhacks.github.io/defcon-21/

======
rjzzleep
I hate to be that guy, and without actually trying to start a flamewar or
"who's better", I find it really interesting that Americans are so great at
marketing things; the German stuff works, but usually looks crappy. Here's a
CCC talk from 2011 on the topic [1].

You could observe the same thing when the CCC guys had their first GSM phones.
Someone just showed up with a base station in the trunk of his car. Compare
that with the huge buzz that went around the same thing at DEFCON a couple of
years ago. The DEFCON truck definitely looked WAY cooler.

But on topic: what's actually really scary about this is that even newer
smartphones would allow SIM exploits to roam free. Contrary to what you may
think, it's not just old phones.

[1]
[http://events.ccc.de/camp/2011/Fahrplan/events/4427.en.html](http://events.ccc.de/camp/2011/Fahrplan/events/4427.en.html)

EDIT: while technically not exactly the same as opensimkit, here's an answer to
the "why" question posed by Jacob Appelbaum. I suspect the same applies here (and
it's not really a bad reason either).

[https://mailman.stanford.edu/pipermail/liberationtech/2013-J...](https://mailman.stanford.edu/pipermail/liberationtech/2013-January/006554.html)

~~~
kalleboo
The CCC talk looks cool for digging into more of what's possible as well as
actually building their own serial interface, but the DEFCON talk is more
interesting from the perspective that they actually got their own virgin SIMs
and implemented their own app.

------
FryHigh
In Kenya, the SIM card application is very important as most telecommunication
companies have important services that they offer through the application.
These include Mpesa, Airtel Money, YU Cash and Orange Money among other
services.

The iPhone has a menu option within Settings > Phone > SIM Applications where
these are displayed. I haven't seen this on other SIM cards.

~~~
tribaal
Same for Tanzania, Uganda, Rwanda, and I suspect a lot of the rest of
(non-Eastern) Africa.

USSD codes are critical.

~~~
rithi
Tanzania? Not so sure. What I've seen in Dar is that the way to access mobile
money, for instance, is to dial `*150*XX#` to access services. SIM Toolkit
applications, on the contrary, present as regular phone applications (albeit
limited by the SIM toolkit capabilities).

------
mileschet
It reminds me of my good days programming SIM cards. I was the founder of a startup
in Brazil that made good use of SIM card programming to store two numbers on
the same SIM card. Around 2010 it was cool and profitable. The thing is that I
managed to insert a local IMSI and a North American IMSI registered on the
same card, so everyone who travelled abroad could be free of expensive roaming
charges. Then we sold the company, and nowadays they are a reseller for some
major carrier in the US =)

~~~
geocar
Can you go into more details?

I travel a lot and use a hacked up Chinese phone since it supports dual SIM
pretty well but I'd rather use an iPhone. Unfortunately I want both my US and
UK numbers and contacts slightly more.

~~~
mileschet
For some reason I have that NDA shit on my back, but I can show you a few
options available on eBay that work well too!

~~~
egodemens
I'd certainly be interested in that.

------
farmdve
Wait, what? They're unknown in the U.S.? Then what in the world are they using
over there?

~~~
ChrisClark
Apps that run directly on the SIM card are relatively unknown in the US. We
(in Canada) normally download apps that run on the phone's OS, like Android or
iOS apps. Running apps directly on the SIM card is very unlikely.

~~~
dobbsbob
Most carriers like Wind sell phones with SIM apps to control your account;
also there were a few banking apps done like this:
[http://www.newswire.ca/en/story/1063949/cibc-and-rogers-comp...](http://www.newswire.ca/en/story/1063949/cibc-and-rogers-complete-the-first-mobile-credit-card-transaction-in-canada)

I played around with a TurboSim for a while too, back when I was testing out a
SIM card 'firewall' that would block the carrier-programmed SIM from
responding to OTA updates or type-0 stealth SMS and other bad things
([http://www.bladox.com/](http://www.bladox.com/)). Then phones with wifi that
didn't require a SIM came out.

------
thadk
In the public health space, these SIM applications on programmable SIM cards
(pass-through sandwiched with parallel carrier SIM cards) are very useful for
data collection. See Medic Mobile and
[http://vimeo.com/45532467](http://vimeo.com/45532467) and
[https://groups.google.com/forum/#!topic/ict4chw/5WKV3c6RfEU](https://groups.google.com/forum/#!topic/ict4chw/5WKV3c6RfEU)

------
Thlom
In Norway we can use a SIM application to log into the bank. Don't know how it
works, but here's an introduction in English:
[https://www.bankid.no/Dette-er-BankID/BankID-in-English/Bank...](https://www.bankid.no/Dette-er-BankID/BankID-in-English/BankID-on-your-mobile/)

------
matthiasb
They did not mention who their SIM vendor was, but each SIM vendor is using
their own design for the metal contacts. One could find out which vendor was
trying to sell them the software, which they did not own, for $600.

------
RRRA
We need to get rid of the SIM card and the closed basebands if we ever want to
save the internet / PC / FOSS that permitted this open ecosystem...
#KeysToTheUsers

------
Wingman4l7
These must be pretty small applications -- don't SIM cards have under a
megabyte of storage capacity?

~~~
pjmlp
The wonders one can do with 64KB. :)

~~~
wolfgke
Indeed: [http://www.pouet.net/](http://www.pouet.net/)

------
srean
It seems it would be a lot of fun to hack on these with some version of Lua. A
reference counted variant might be more suitable.

Haven't had a chance to watch the presentation; perhaps it's already answered
there: are these totally locked down, or is it within the realm of possibility to
take out the SIM card from an average GSM phone and start poking around,
adding one's own applications?

