Merlin Chlosta

private profile, not affiliated with my employer
@ #SCCON Smart Country Convention in Berlin, trade fair for the "digital state"

Using SIMurai, we found two high-severity vulnerabilities, potentially allowing attackers to get code execution on a baseband.

But are hostile SIM cards a realistic threat model? To answer this, we provide two case studies: (a) a SIM spyware remotely provisioned by a rogue operator, and (b) triggering the found vulnerabilities via a modified SIM interposer, inserted by an attacker with physical access.

We also verified operationality of SIMurai by connecting it to 18 different phones and attaching to cellular networks (2G/4G/5G).

SIM cards can, for instance, ask your phone to open TCP channels, send SMS, or retrieve location information without user interaction.

To explore the attack surface we developed SIMurai, a research-focused SIM emulator, which can be plugged into physical and emulated phones alike.

Our #usenix2024 paper "SIMurai: Slicing Through the Complexity of SIM Card Security Research" just went public!

We asked ourselves: What kind of attacks could a hostile SIM launch against your phone?

TIL you can feed a hexdump into any Wireshark dissector.

$ echo "00b2040422ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff9000" > hex.txt
$ text2pcap -l 252 -r "^(?<data>[0-9a-fA-F]+)$" -P "gsm_sim" hex.txt converted.pcap
$ tshark -r converted.pcap -O gsm_sim
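
An added example, not part of the original post: a minimal Python decoder for one trace line in the same layout as the hexdump above (5-byte command header, data, 2-byte status word), to show what the fields mean. The function name, the field names and the sample line rebuilt from the post's header bytes are assumptions of this example; it only covers the short read-type case and flags a length mismatch instead of guessing.

```python
# Added example: decode one SIM APDU trace line laid out as
# <CLA INS P1 P2 P3> <data> <SW1 SW2>, the layout of the hexdump in the post.
READ_INS = {0xB0: "READ BINARY", 0xB2: "READ RECORD",
            0xC0: "GET RESPONSE", 0xF2: "STATUS"}
# Low three bits of P2 for READ RECORD
RECORD_MODES = {2: "next", 3: "previous", 4: "absolute/current"}


def parse_trace(hexline: str) -> dict:
    raw = bytes.fromhex(hexline.strip())
    if len(raw) < 7:
        raise ValueError("need 5 header bytes plus a 2-byte status word")
    cla, ins, p1, p2, p3 = raw[:5]
    body, sw = raw[5:-2], raw[-2:]
    # For read-type instructions P3 is Le, the expected response length
    # (0 means 256); otherwise it is Lc, the command data length.
    expected = (p3 or 256) if ins in READ_INS else p3
    out = {
        "cla": cla, "ins": ins, "ins_name": READ_INS.get(ins, "unknown"),
        "p1": p1, "p2": p2, "p3": p3,
        "data": body, "sw": sw.hex(),
        "ok": sw == b"\x90\x00",
        # False when the card answered with an error and returned no data,
        # or when the line was truncated or padded.
        "length_matches": len(body) == expected,
    }
    if ins == 0xB2:
        out["record"] = p1                    # record number
        out["sfi"] = p2 >> 3                  # 0 = currently selected file
        out["mode"] = RECORD_MODES.get(p2 & 0x07, "reserved")
        # A record of all 0xFF is unused filler
        out["blank"] = bool(body) and all(b == 0xFF for b in body)
    return out


# Constructed sample: the post's header bytes, 0x22 filler bytes, status 9000.
SAMPLE = "00b2040422" + "ff" * 0x22 + "9000"

if __name__ == "__main__":
    for key, value in parse_trace(SAMPLE).items():
        print(f"{key:15} {value}")
```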

one of my favorite websites working with 3GPP specs: getsi.org

(ETSI PDF search that actually works)

USB cable testers arrived. first time ordering open-source hardware, blew my mind this actually works.

project: https://github.com/alvarop/usb_c_cable_tester by @alvaro

BBK sent MoWaS swag