Learn, hack!

URL

http://ftp.ccc.de/events/camp2011/video/cccamp11-4427-the_blackbox_in_your_phone-en.mp4

File name

cccamp11-4427-the_blackbox_in_your_phone-en.mp4

File size

423.4 MB

MD5

9dbef35ba8949e031ee51c5c1e13a97e

SHA1

30d29c69a50d8ddc79d0e88ef8f930169b59fd3a

This talk sheds some light on a cellphone-component, that's inevitable, virtually unclonable and as closed as it gets: the SIM. The SIM can do a lot more than just user-authentication nowadays: the SIM Application Toolkit gives it control over your phone Recently, location tracking in major smartphones caused quite a stir. Closed systems make discovering such unwanted behavior more difficult. While projects like osmocomBB aim at creating an open cellphone architecture, the SIM seems to be mostly inconsiderable and harmless. It's little known, that the SIM Application Toolkit (SAT) gives the SIM extensive control over the phone. Via the SAT, the SIM can obtain location information, monitor and redirect calls and send/receive short messages, as well as IP packets. The SIM-firmware can be updated over-the-air. Most of these features can even be used without the user noticing. Along with the mentioned SAT, this talk will illuminate the classic GSM SIM, as well as the 3G USIM altogether. After a quick introduction to smartcards in general, communication with the SIM will be explained in more detail. The most important SIM commands and files will be explained and how one can monitor communication with a SIM and inject arbitrary data into the session.