SIM Cards attacks using Over-the-Air Updates

July 22, 2013 | Posted in News | By

The attack is a combination of both insecure communication method of SIM cards update with OTA STK procedure; and vulnerability in Java version running on the SIM card.

Industry reality is:

  • Number of affected card is not very high, limited to old cards. Often it’s 3DES being used.
  • The Binary SMS required to deliver the attack are often filtered at operator’s boundary, thus stopping the attack.

Hijacking SIM Cards through Over-the-Air Updates | Symantec Connect Community.

Rooting SIM cards.

DES encryption leaves SIM cards vulnerable to exploitation | ZDNet.

News and Threat Research Millions of SIM cards vulnerable to remote compromise | Fortinet Blog.

 

Read More →