SIM Cards
by laughingatclouds · 10 hours ago
These fukking things. For the longest time I thought they were like SD cards and only held subscriber information to get my cellphone on the network. Sit back and let me tell you a geeky story about these things.
In Europe all our cellphones have them. In fact smartphones usually have two - one is added directly on the circuit board by the manufacturer for payments and futurey-stuff. In this picture you can see the standard SIM socket where your network card goes, and a little chip bottom right which handles Google Wallet.
A SIM card contains a bunch of “keys” for authentication. A key is just a really long password. When you switch on your phone, it connects to the nearest cell tower and has a quick conversation to verify your keys and grant you access. It proves that your SIM card belongs to you and your network.
Another key is used to prove that the cell tower belongs to the network. This, in theory, stops someone from setting up a nearby cell tower pretending to be Vodafone or whoever, in the hopes of your phone communicating with it (called a “man in the middle” attack). Neato.
So why two SIM cards in one smartphone? Google and Apple did not want cell networks having control over their encryption keys for payments - it would give away the monopoly. I digress, but I wanted to mention them because smartphones are twice as vulnerable. Anyway…
All these keys are generated from a “master key” held by the SIM card manufacturers. If you don’t have the master key, you cannot generate your own keys and therefore can’t make your own SIM cards for someone else’s cell network. Great! Except…
Leaked documents show the NSA and GCHQ hacked Gemalto, the largest SIM card manufacturer in Europe, and got copies of the master keys. Whether you love them or hate them, if the NSA can do it so can someone else. Yuck.
US police forces can use this access to decrypt voice and text communication right now - they can set up a “man in the middle” attack with a fake cellphone tower (passing data onto a real one after recording everything). And there’s more…
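Added example (not from the post) modelling in Python the key hierarchy and mutual-authentication handshake described above. HMAC-SHA256 stands in for the card's real algorithms, and the master key, the card serial and the tower deriving Ki from the master key are assumptions of the toy model. It shows why the tower-authentication check only helps while the keys stay secret: a tower holding the leaked master key passes exactly the same check as the genuine network.

```python
import hashlib
import hmac
import secrets

# Toy stand-in for the card's algorithms. Real A3/A8 (or MILENAGE) are
# operator-specific; HMAC-SHA256 is an assumption made for illustration.
def prf(key: bytes, label: bytes, data: bytes) -> bytes:
    return hmac.new(key, label + data, hashlib.sha256).digest()

def derive_ki(master_key: bytes, iccid: str) -> bytes:
    """Per-card key Ki derived from the manufacturer's master key (the post's model)."""
    return prf(master_key, b"Ki", iccid.encode())[:16]

class Sim:
    """The card: holds Ki, which never leaves it; only a short response goes out."""
    def __init__(self, ki: bytes) -> None:
        self._ki = ki
    def respond(self, rand: bytes, autn: bytes):
        # Network authentication first: the tower must present a token that only
        # someone holding Ki can compute (the AUTN idea from 3G/4G AKA).
        if not hmac.compare_digest(prf(self._ki, b"AUTN", rand), autn):
            return None  # tower failed to prove itself: refuse to attach
        return prf(self._ki, b"RES", rand)[:8]

class Tower:
    """A base station; genuine or rogue depends only on the key it holds. (Real operators
    keep Ki per subscriber in the core network; deriving it here keeps to the post's terms.)"""
    def __init__(self, master_key: bytes) -> None:
        self._master = master_key
    def challenge(self, iccid: str):
        rand = secrets.token_bytes(16)
        return rand, prf(derive_ki(self._master, iccid), b"AUTN", rand)
    def verify(self, iccid: str, rand: bytes, res) -> bool:
        expected = prf(derive_ki(self._master, iccid), b"RES", rand)[:8]
        return res is not None and hmac.compare_digest(expected, res)

def attach(sim: Sim, iccid: str, tower: Tower) -> bool:
    """One authentication round; True means the phone would camp on this tower."""
    rand, autn = tower.challenge(iccid)
    return tower.verify(iccid, rand, sim.respond(rand, autn))

def demo():
    master = secrets.token_bytes(32)        # constructed manufacturer master key
    iccid = "8944000000000000001"           # constructed card serial number
    sim = Sim(derive_ki(master, iccid))     # card personalised at the factory
    genuine = attach(sim, iccid, Tower(master))
    rogue = attach(sim, iccid, Tower(secrets.token_bytes(32)))  # guessed key
    leaked = attach(sim, iccid, Tower(master))  # rogue tower with the stolen master key
    return genuine, rogue, leaked            # (True, False, True)
```

The phone rejects the tower that lacks the keys, but the handshake gives it no way to tell the leaked-key tower from its real network, which is the defender's problem the post is pointing at.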
SIM cards don’t just store encryption keys. They’re powerful little computers (for their size) which run a mini operating system and Java applets. Actual programs. They run actual programs. Unknown to the phone’s operating system or to the user. R̶e̶m̶e̶m̶b̶e̶r̶ ̶S̶n̶a̶k̶e̶ ̶o̶n̶ ̶N̶o̶k̶i̶a̶ ̶h̶a̶n̶d̶s̶e̶t̶s̶?̶ ̶J̶a̶v̶a̶ ̶a̶p̶p̶l̶e̶t̶.̶ (Disproved, sorry about that!) Old phonebooks and contacts? Java applet. (Photo proved inaccurate in comments) Today it’s kinda useless, you’d think. But no!
You can’t access your SIM card’s Java applets any more on modern smartphones. But your network can. They send over-the-air updates via SMS messages which contain Java applets. Your SIM card receives these SMS messages *̶d̶i̶r̶e̶c̶t̶l̶y̶*̶ *almost directly* from the radio chip on the circuit board. And deletes them. Before your phone's OS realises what happened. Totally unknown to the user. Your network and your government can run anything on your phone without you knowing.
These SIM cards don’t just have direct access to the radio chip. M̶i̶c̶r̶o̶p̶h̶o̶n̶e̶s̶,̶ ̶G̶P̶S̶,̶ ̶c̶a̶m̶e̶r̶a̶s̶,̶ NFC, Bluetooth, Wi-Fi, f̶i̶n̶g̶e̶r̶p̶r̶i̶n̶t̶ ̶r̶e̶a̶d̶e̶r̶,̶ ̶m̶a̶g̶n̶e̶t̶o̶m̶e̶t̶e̶r̶,̶ ̶a̶c̶c̶e̶l̶e̶r̶o̶m̶e̶t̶e̶r̶,̶ ̶b̶a̶r̶o̶m̶e̶t̶e̶r̶,̶ ̶g̶y̶r̶o̶s̶c̶o̶p̶e̶,̶ ̶l̶i̶g̶h̶t̶,̶ ̶o̶t̶h̶e̶r̶ ̶s̶e̶n̶s̶o̶r̶s̶ … the SIM card can access a̶n̶y̶ some of these directly without asking the operating system or the user for permission. (Thanks everyone in the comments for disproving some of this. I can't find references to sensors.)
With a master key and a few keystrokes it is possible to launch Java applets on a single targeted handset, a bunch of handsets on a single tower, or every handset on a cellphone network. Using “active retroreflection” this scene from Batman is a very real possibility.
It is illegal to know what your SIM card is running. You would have to reverse engineer your network’s key, or the master key, to gain access to running applications or over-the-air information. This is against the law.
I dream that one day we will own our own hardware again. This is a picture of some guys using a HackRF One to run their own (basic) cellphone network at the DEF CON security conference. Very cool. Right now the hardware is expensive and the software is basic/buggy. But it’s open source and every good project starts that way.
I hope you found this educational and it didn’t sound like a tinfoil hat rant. It took a while to make and I hope it doesn’t get lost in user sub. These guys know what’s up. Thanks for reading this far.