From: Security Explorations <contact () security-explorations com>
Date: Fri, 4 Oct 2024 12:42:06 +0200
Hello All,
Those interested in SIM / USIM card security might find some
information at our spin-off project page dedicated to the topic
potentially useful:
https://security-explorations.com/sim-usim-cards.html
We share there some information based on the experiences gained in the
SIM / USIM card security space, all in a hope this leads to the
increase of public awareness on the topic, change perspective on the
SIM / USIM card industry and potentially trigger some positive changes
(such as introduce transparency in vulnerability handling processes in
particular).
The page includes the following (among others):
- some guidelines for 3rd parties sharing similar security concerns
about SIM cards security as we do (rationale for checking things /
demanding information from vendors),
- notes summarizing key areas for in-depth security investigation,
which may be perceived in terms of a TODO / CHECK list for independent
security evaluators (labs), researchers, MNOs or product security
teams,
- the impact of a disclosure of 2019 flaws affecting some real-life
3G cards [1][2].
Finally, there is some info on "security through obscurity"
implemented by the industry (such as no sale policy to security
companies), which should serve as a warning sign for all concerned
parties (GOVs and MNOs in particular).
Thank you.
Best Regards,
Adam Gowdiak
----------------------------------
Security Explorations -
AG Security Research Lab
https://security-explorations.com
----------------------------------
References
[1] SE-2019-01-GEMALTO, Issues #19 and #33
https://security-explorations.com/materials/SE-2019-01-GEMALTO.pdf
[2] SE-2019-01-GEMALTO-2, Issue #34
https://security-explorations.com/materials/SE-2019-01-GEMALTO-2.pdf
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/