Home page logo

pen-test logo Penetration Testing mailing list archives

Re: Questions on GSM Penetration test
From: Emmanuel Gadaix <emmanuel () relaygroup com>
Date: Sun, 27 Jan 2002 10:28:12 +0700

You can find interesting information on such topics at:


At 09:16 PM 1/26/2002, M Lister wrote:
> 2. You can copy a sim card.

Please forgive me if this sounds naive, but I was under a *STRONG*
impression that it is practically impossible to copy a smart card. [Isnt
that what is used as a SIM card]. From the little that I know of smart
cards, security is their forte. I know absolute security is an unknown
concept but still copying a smart card, wouldnt that be too
difficult?? Wouldnt the cost involved in doing so probably be more than
the benefits?

A smart card can deny access to certain memory regions based on how it is
programmed. A card that has crappy programming can be exploited, but would
this statement of yours always be true. If yes, I would love a small

> 3. You can eavesdrop comunications between basestations.

Out of plain curiosity, is the data encrypted while in transit. I asked
the dealer here in my country who promptly replied YES, but I doubt he had
even a vague idea of what I was talking about. Given the amount of data
and the required level of low latency in cell phones and the fact SIM
cards are no Crays, I would *LOGICALLY* doubt it. But then I would love to
be sure.

Also if some one were to sniff/eavesdrop  such a conversation, how would
he go about doing it? I am not asking for the exact info but a generic
example would be wonderful.

With regards,

This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]