The secret life of SIM cards (2013)
simhacks.github.ioi hate to be that guy, and without actually trying to start a flamewar or "who's better", I find it really interesting that americans are so great at marketing things, the german stuff works, but usually looks crappy. here's a CCC talk from 2011 on the topic [1]
you could observe the same thing when the ccc guys had their first gsm phones. Someone just showed up with a base station in the trunk of his car. compare that with the huge buzz that went around the same thing at defcon a couple of years ago. The defcon truck definitely looked WAY cooler.
but on topic what's actually really scary about this is that even newer smartphones would allow sim exploits to roam free. contrary to what you may think it's not just old phones.
[1] http://events.ccc.de/camp/2011/Fahrplan/events/4427.en.html
EDIT: while technically not exactly the same as opensimkit here's an answer to the why question posed by jacob appelbaum. I suspect the same applies here(and it's not really a bad reason either)
https://mailman.stanford.edu/pipermail/liberationtech/2013-J...
The CCC talk looks cool for digging into more of what's possible as well as actually building their own serial interface, but the DEFCON talk is more interesting from the perspective that they actually got their own virgin SIMs and implemented their own app.
In Kenya, the SIM card application is very important as most Telecommunication companies have important services that they offer thorugh the application. These include Mpesa, Airtel Money, YU Cash and Orange Money among other services.
The iPhone has a menu option within Settings > Phone > Sim Applications where these are displayed. I haven't seen this on other SIM cards
In Australia this is how you used to top-up prepaid phones with a credit card or check your balance. You can probably still use SIM applications to do it now but it seems to be mostly replaced by web portals.
Yeah. Telstra prepaid still do the phone driven menu, where you "call" a number, but instead of voice a text menu pops up on your phone. It's quite nice actually. I think they're called USSD menus?
USSD is correct! http://en.wikipedia.org/wiki/Unstructured_Supplementary_Serv...
Same for Tanzania, Uganda, Rwanda, and I suspect a lot of the rest of the (non-Eastern) Africa.
USSD codes are critical.
Tanzania? Not so sure. What I've seen in Dar is that the way to access mobile money for instance is to dial 150XX# to access services. SIM Toolkit Applications on the contrary present as regular phone applications (albeit limited by the SIM tooklit capabilities).
It reminds my good days programming simcards, i was the founded of a startup in Brazil that made a good use of simcard programming to store two numbers in the same simcard, around 2010 it's a cool and profitable, the thing is that i managed to insert a local imsi and an a north american imsi registered in the same card so everyone that travel abroad could be free of expensive roaming charges, them we sold the company and now days they are a reseller for some major carrier in US =)
Can you go into more details?
I travel a lot and use a hacked up Chinese phone since it supports dual SIM pretty well but I'd rather use an iPhone. Unfortunately I want both my US and UK numbers and contacts slightly more.
For some reason i have that NDA shit on my back, but i can show you a few options available on ebay that works well too!
I'd certainly be interested in that.
in 2010??? v2/v3 sims were already popular in 2008, and its impossible to clone those (extract ki and imsi)
unless sims in brazil were that outdated/insecure at the time
It's not impossible, large carriers are still using DES to sign the OTA updates. Using rainbow tables you can crack the key and install an app which can break out of the sandbox and read the ki and IMSI.
That flaw was discovered in 2013.
And is still applicable today...
and would be in 2010 ..if you had a time machine
Wait, what? They're unknown in the U.S? Then what in the world are they using over there?
Apps that run directly on the SIM card are relatively unknown in the US. We (in Canada) normally download apps that run on the phone's OS, like Android or iOS apps. Running apps directly on the SIM card is very unlikely.
Most carriers like Wind sell phones with SIM apps to control your account, also there were a few banking apps done like this http://www.newswire.ca/en/story/1063949/cibc-and-rogers-comp...
I played around with a TurboSim for a while too back when I was testing out a SIM card 'firewall' that would block the carrier programmed SIM from responding to OTA updates or type-0 stealth SMS and other bad things http://www.bladox.com/ then phones with wifi that didn't require a SIM came out.
There are also USSD menus which I hadn't heard of before going to Asia. It was used by carriers there to provide an alternative to voice menus to topup and buy addons. In India there is a company providing access to Facebook over it:
https://www.facebook.com/notes/airtel_in/airtel-launches-the...
USSD has very limited support outside Asia and US.
Many people in the US are using CDMA phones that don't even have SIM cards.
This really isn't that accurate anymore. Verizon Wireless, which is the largest carrier in the US right now, uses sim cards in all of their LTE devices. Behind them is AT&T which of course is completely GSM and T-Mobile. Sprint, well... they're there.
Sprint phones also use SIM cards too, for their newer LTE devices.
Some LTE devices have embedded SIM cards (baked inside the device so they aren't user removable, such as the Photon Q LTE).
But those are still SIM cards, all Sprint LTE devices have a SIM card of some sort.
Correct me if I'm wrong, but I don't think most people have an LTE phone.
Given that people typically get a "free" phone every two years, I'd imagine that most people in the US have LTE phones by now.
Well, most people out of the 56% that actually own a smart phone: http://www.pewinternet.org/2013/06/05/smartphone-ownership-2...
Is LTE only used for data, or is it also used for normal voice calls?
Most people have a GSM or LTE phone.
I am from Denmark and I have also never seen a application on a SIM card.
CDMA
In the public health space, these SIM applications on programmable SIM cards (pass-through sandwiched with parallel carrier SIM cards) are very useful for data collection: See Medic Mobile and http://vimeo.com/45532467 https://groups.google.com/forum/#!topic/ict4chw/5WKV3c6RfEU
In Norway we can use a SIM application to log into the bank. Don't know how it works, but here's a introduction in English: https://www.bankid.no/Dette-er-BankID/BankID-in-English/Bank...
They did not mention who was their SIM vendor but each SIM vendor is using their own design for the metal contacts. One could find which vendor was trying to sell them the software which they did not own for $600.
We need to get rid of the SIM card and the closed basebands if we ever want to save the internet / PC / FOSS that permitted this open ecosystem... #KeysToTheUsers
These must be pretty small applications -- don't SIM cards have under a megabyte of storage capacity?
Yes. The memory space is very limited, which is why you cant code with String, int, or garbage collection. As mentioned in the video, the dev environment is limited and it allows to compile complex applications to a very small binary.
I was under impression the biggest cards have up to 1-2 MB RAM, 128 MB flash and relatively fast 32-bit MCUs.
And that was a few years ago.
Edit: Found a PDF from 2006 that talks about even higher spec SIM cards: http://www.spansion.com/products/documents/hd_sim_whitepaper...
The slide (8) says 72k EEPROM, 6k RAM and 256 k ROM.
It seems it would be a lot of fun to hack on these with some version of Lua. A reference counted variant might be more suitable.
Havent had a chance to watch the presentation, perhaps its already answered there: Are these totally locked down or is it within realms of possibility to take out the SIM card from an average GSM phone and start poking around, adding one's own applications.