SIM Toolkit Attack

Bogdan Alecu @ DeepSec 2011

Hi all,

I must say it was a real pleasure to attend the DeepSec 2011 edition. I’ve met a lot of interesting people and all the talks were great. Since it was my first time I held an international talk with such large audience, I was a little bit excited, but no matter what, I still consider I did a pretty good job. By now I only got positive feedback :)

To answer some of the frequently asked questions:

1. The attack I showed has nothing to do with knowing the security keys as the response to the command is being sent even if there’s an error

2. The live demo worked – too bad I didn’t have a webcam to show you the target phone

3. There was no planning on who should volunteer for the live demo

4. The number you’ve seen during the demo is not the real number (only the first 3 digits were) and also wasn’t charged with 5 EUR – all it was just for the fun of it :)

5. The quickest way to protect is to change your phone to one that asks for your permission before allowing the SIM card to do something, or switch to another operator that doesn’t provide SIM cards with Toolkit Application on them – in Austria it’s at least one, as well in Romania :)

6. Pay attention to dual-SIM phones: some of them are not showing you the extra-menu belonging to the SIM application, so don’t get comfortable thinking that you’re protected

7. I’m not a hacker / cracker how the media likes to call the security specialists most of the times. My purpose was to make you aware of the danger of just using something like SMS

I was happy that right after the talk I’ve been contacted by RIM in order to send them the details to fix this. It’s good to see that someone pays attention to these details. As long as they agree, I’ll keep you up to date with how the things are going.

Thank you Lynx, MiKa, Manuela for this opportunity! I’m pretty sure I’ll see you next year also :) I also hope that next year there will be more people from Romania in the audience.

Below it’s a recording of my talk SMS fuzzing, SIM Toolkit Attack – I hope you’ll ignore my excitement :)

The slides from the talk can be found here (click me).

I wait for your feedback!

You can leave a response, or trackback from your own site.

18 Responses to “SIM Toolkit Attack”

  1. [...] Fuzzing – SIM Toolkit Attack Slides –> Link LD_AddCustomAttr("AdOpt", "1"); LD_AddCustomAttr("Origin", "other"); [...]

  2. [...] SIM Toolkit Attack Bogdan has published his own video recording of his talk about attacking the SMS Toolkit. [...]

  3. We have linked to your posting on our blog article http://blog.deepsec.net/?p=729 so others find your video link.

  4. Glo says:

    Cool presentation, but is there a possibility to get a simple pdf?!
    Because i’m getting sick of all these animations :)

    Cheers,
    Glo

  5. [...] Update: for the English version please go here. [...]

  6. [...] security researcher Bogdan Alecu gave a presentation explaining the security shortcoming, and demonstrating how it might be exploited, at a recent DeepSec security conference in Vienna, [...]

  7. [...] security researcher Bogdan Alecu gave a presentation explaining the security shortcoming, and demonstrating how it might be exploited, at a recent DeepSec security conference in Vienna, [...]

  8. [...] security researcher Bogdan Alecu gave a presentation explaining the security shortcoming, and demonstrating how it might be exploited, at a recent DeepSec security conference in Vienna, [...]

  9. [...] security researcher Bogdan Alecu gave a presentation explaining the security shortcoming, and demonstrating how it might be exploited, at a recent DeepSec security conference in Vienna, [...]

  10. [...] security researcher Bogdan Alecu gave a presentation explaining the security shortcoming, and demonstrating how it might be exploited, at a recent DeepSec security conference in Vienna, [...]

  11. junk says:

    Can I protect myself by setting my Nokia phone to “Confirm SIM serices” to yese?

    • m-sec.net says:

      Yes, if you activate the option to always ask you, then each time the SIM will try to perform an action it will ask you. Be aware of the legitimate thinks like when you try to find how much available credit you have for example.

  12. [...] all the media coverage of the subject (quite impressive) a lot of talks started, specially on Niebezpiecznik site from Poland, about how [...]

  13. [...] security researcher Bogdan Alecu gave a presentation explaining the security shortcoming, and demonstrating how it might be exploited, at a recent DeepSec security conference in Vienna, [...]

  14. tandblekninng med laser says:

    tandblekninng med laser…

    [...]4 Finally something I was looking for I mean I view like 10 sites (some of th vf[...]…

  15. [...] ultimul lucru pe care am vrut să-l testez era protecția la atacul prin SIM Toolkit. Din păcate acest lucru nu l-am putut testa deoarece odată cu update-ul a dispărut în mod [...]

Leave a Reply

Powered by WordPress