Comments on: How to protect from SIM Toolkit attack http://blog.m-sec.net/2011/how-to-protect-from-sim-toolkit-attack/ When security is not enough Tue, 13 Nov 2012 19:16:46 +0000 hourly 1 http://wordpress.org/?v=3.4.2 By: Markov http://blog.m-sec.net/2011/how-to-protect-from-sim-toolkit-attack/#comment-716 Markov Sun, 11 Nov 2012 14:52:04 +0000 http://blog.m-sec.net/?p=101#comment-716 I seriously doubt that risk of a SIM Toolkit attack is real. the subscribers's SIM always sends PoR via the _originating_ SMSC. So, to direct PoRs to the carriers's premium numbers you have to have a direct SMPP connection to the carrier's own SMSC (not bulk SMS providers) which seems very unlikely for "cybercrooks") Working on a DIY OTA campaign for a local MVNO, I learned the hard way how difficult it is to get PoRs and I keep wondering how you've managed to perform this demonstration at the conference. Have you heard of any cases of STK attacks? I seriously doubt that risk of a SIM Toolkit attack is real. the subscribers’s SIM always sends PoR via the _originating_ SMSC. So, to direct PoRs to the carriers’s premium numbers you have to have a direct SMPP connection to the carrier’s own SMSC (not bulk SMS providers) which seems very unlikely for “cybercrooks”)
Working on a DIY OTA campaign for a local MVNO, I learned the hard way how difficult it is to get PoRs and I keep wondering how you’ve managed to perform this demonstration at the conference.
Have you heard of any cases of STK attacks?

]]> By: Mine sied http://blog.m-sec.net/2011/how-to-protect-from-sim-toolkit-attack/#comment-544 Mine sied Wed, 25 Jan 2012 13:55:48 +0000 http://blog.m-sec.net/?p=101#comment-544 <strong>Wow nice post...</strong> [..] nice post omg [.]... Wow nice post…

[..] nice post omg [.]…

]]> By: What We're Reading Holiday Edition — Banking.com | Near Field Communication (NFC) / Smart mCommerce http://blog.m-sec.net/2011/how-to-protect-from-sim-toolkit-attack/#comment-299 What We're Reading Holiday Edition — Banking.com | Near Field Communication (NFC) / Smart mCommerce Thu, 22 Dec 2011 17:35:08 +0000 http://blog.m-sec.net/?p=101#comment-299 [...] How to protect from SIM Toolkit attack | Mobile SecurityBy m-sec.netWhat else you should keep in mind is that the method used has to be convenient to everybody: people still want to use mobile banking, they still want to be able to check for the available credit from the Toolkit menu, they don't want to jailbreak, …Mobile Security [...] [...] How to protect from SIM Toolkit attack | Mobile SecurityBy m-sec.netWhat else you should keep in mind is that the method used has to be convenient to everybody: people still want to use mobile banking, they still want to be able to check for the available credit from the Toolkit menu, they don't want to jailbreak, …Mobile Security [...]

]]>