Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: Questions on GSM Penetration test
From: Emmanuel Gadaix <emmanuel () relaygroup com>
Date: Sun, 27 Jan 2002 10:28:12 +0700

You can find interesting information on such topics at:

http://www.isaac.cs.berkeley.edu/isaac/gsm.html



At 09:16 PM 1/26/2002, M Lister wrote:
> 2. You can copy a sim card.

Please forgive me if this sounds naive, but I was under a *STRONG*
impression that it is practically impossible to copy a smart card. [Isnt
that what is used as a SIM card]. From the little that I know of smart
cards, security is their forte. I know absolute security is an unknown
concept but still copying a smart card, wouldnt that be too
difficult?? Wouldnt the cost involved in doing so probably be more than
the benefits?

A smart card can deny access to certain memory regions based on how it is
programmed. A card that has crappy programming can be exploited, but would
this statement of yours always be true. If yes, I would love a small
explanation.

> 3. You can eavesdrop comunications between basestations.

Out of plain curiosity, is the data encrypted while in transit. I asked
the dealer here in my country who promptly replied YES, but I doubt he had
even a vague idea of what I was talking about. Given the amount of data
and the required level of low latency in cell phones and the fact SIM
cards are no Crays, I would *LOGICALLY* doubt it. But then I would love to
be sure.

Also if some one were to sniff/eavesdrop  such a conversation, how would
he go about doing it? I am not asking for the exact info but a generic
example would be wonderful.

With regards,
M


----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]