Rooting SIM Cards

SmartAboutThings writes "Smartphones are susceptible to malware and carriers have enabled NSA snooping, but the prevailing wisdom has it there's still one part of your mobile phone that remains safe and un-hackable: your SIM card. Yet after three years of research, German cryptographer Karsten Nohl claims to have finally found encryption and software flaws that could affect millions of SIM cards, and open up another route on mobile phones for surveillance and fraud."

The second link is the important one

Yes, there actually is a JavaVM autonomously running inside the SIM card. Yes, the provider can install programs on the SIM card that interface with the phone through a standardized API. Yes, this hack enables the attacker to do the same. Yes, the JavaVMs are not secure and breaking out of the sandbox enables the attacker to read the master key which identifies the SIM. Yes, that means the attacker can run a software simulation of a SIM card with your secret SIM key and impersonate you vis-a-vis the network. Yes, all that is possible because some providers still deploy SIM cards that accept binary SMS which are signed with DES. Not 3DES, not AES, which are both in the standard as well, but 56 bit DE fucking S.

Re:The second link is the important one

[TuringCheck]

Pretty much none of the major providers issue ancient SIMs with DES OTA signing. For the old cards never replaced they may just deactivate them in HLR and wait for subscribers to complain to support.
On the other hand cheap Chinese SIMs are still issued in some countries. The only relief is that some of them don't support OTA at all...

No, SIM cards always have NSA backdoors

The owners of Slashdot do keep feeding you crap about things being NSA proof, and please don't give me guff about that opinion being that of the author of the article. The articles promoted here are chosen for a (far from innocent) reason.

All standards vulnerable to US influence are compromised. Other nations don't care, because they spy on their citizens too. Indeed, frequently the NSA indirectly pays for much of the spying done by China and Russia.

Look, for you sheeple, this is how it goes. A few years back, the BBC had interviews with old codgers that once worked in Australia operating the giant, supposedly civilian, astronomical monitoring facilities. The point of the interview was to allow these old scumbags to boast about the fact that they all worked secretly under the "official secrets act", and frequently lied to astronomic publications about the nature of the objects they saw in space. If amateur astronomers noticed US missile tests, for instance, this group of scumbags would issue a press release STATING that the amateur spotter was an idiot, and they had confirmed it was just a shooting star or the like.

HERE'S MY POINT. The Russian government knew the truth. So did other foreign powers. The LIE wasn't aimed at them. It was aimed at YOU, the sheeple. And the Russian authorities NEVER use their knowledge to tell the sheeple of the West the truth. These authorities actually conspire with each other to keep each others secrets from the population of the nation doing the secret work.

The civilian facilities that monitor earthquakes operate under the same government control. Why? Because when a massive earthquake hits that has been caused by military engineering projects deep underground constructing this generation of nuclear survival shelters for the people that 'matter', the earthquake monitoring teams will lie, and state the earthquake was natural with an epicentre to deep to be man-made. No-one ever considers that telling the truth to the sheeple is a good idea. You tell the sheeple that which manipulates them in the most useful way possible.

Sheeple are the ultimate disposable asset. YOU are the ultimate disposable asset. The only thing preventing this fate is that local 'masters' need their sheeple in order to stand up to other local 'masters'. The 'one world' government some of you idiots dream about would end this situation, allowing the mass culling of surplus sheeple (as proposed by Bill Gates and his ilk) to begin in earnest. Gates and others have demanded that the elites should operate as one, and then reduce the number of sheeple to the smallest level sufficient to serve them properly.

PS NSA backdoors in SIM cards is of the smallest concern compared to threats like Google Glass, the Xbox One, and Gates' ultimate pedophile tool, his inBloom (that name is a pedophile pun) children database system.

Millions?

[wisnoskij]

So a very small percentage of all SIM cards then.