Rooting SIM Cards

Presented at Black Hat USA 2013, July 31, 2013, 5 p.m. (30 minutes)

SIM cards are among the most widely-deployed computing platforms with over 7 billion cards in active use. Little is known about their security beyond manufacturer claims.

Besides SIM cards' main purpose of identifying subscribers, most of them provide programmable Java runtimes. Based on this flexibility, SIM cards are poised to become an easily extensible trust anchor for otherwise untrusted smartphones, embedded devices, and cars.

The protection pretense of SIM cards is based on the understanding that they have never been exploited. This talk ends this myth of unbreakable SIM cards and illustrates that the cards -- like any other computing system -- are plagued by implementation and configuration bugs.

Presenters:

• Karsten Nohl
  Karsten is a cryptographer and security researcher. He likes to test security assumptions in proprietary systems and typically breaks them.

Links:

• https://www.blackhat.com/us-13/archives.html#Nohl
• https://infocon.org/cons/Black Hat/Black Hat USA/Black Hat USA 2013/video/Black Hat 2013 - Rooting SIM cards.mp4
• https://www.youtube.com/watch?v=LUnED7LHXfU
• https://media.blackhat.com/us-13/us-13-Nohl-Rooting-SIM-cards-Slides.pdf

Similar Presentations:

• Black Hat USA 2015 / Cloning 3G/4G SIM Cards with a PC and an Oscilloscope: Lessons Learned in Physical Security
• 30C3 (2013) / Mobile network attack evolution
• DEF CON 21 (2013) / The Secret Life of SIM Cards