Hacker News new | past | comments | ask | show | jobs | submit login

The SIM card is a full featured computer. It has memory, a CPU, and your telco operator can upload java applets to it which can interact with the baseband and the application processors.

And that's the point ... right now the stingrays and such simply act as IMSI catchers, etc., but if they can impersonate the carrier they can upload arbitrary java applets to the SIM card which can undermine the call-encryption app you are using. It's an obvious next step which you aren't protected against.[1]

I don't know if any SIM cards get DMA access the way some baseband processors (not all) do ...

[1] You could get one of those little sim wrapper foils and enable encryption-only for your SIM (which it almost certainly does not have now) which I think would defeat a lot of the carrier-impersonation attacks ...




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: