For decades, the interface between SIM card and phone has been evolving from it’s original purpose for subscriber authentication and data storage of things like phone book and SMS. Modern SIM cards are self-contained embedded computers with Java VM and multiple applications. Many people even in the industry rarely know to whichextent Phone behavior can be controlled by the SIM card. Outbound calls can be filtered or re-directed to different numbers. The SIM card can request cell change and even RF measurement information, as well as GPS coordintes from the phone. Let’s have a look at the security implications of all those possibilities.
Harald Welte is communications security consultalt for more than a decade. He was co-author of tne netfilter/iptables packet filter in the Linux kernel and has since then been involved in a variety of Free Software based implementations of protocol stacks for RFID, GSM, GPRS, and TETRA. His main interest is to look at security of communication systems beyond the IP-centric mainstream. Besides his consulting work, he is the general manager of Sysmocom GmbH, providing custom tailored communications solutions to customers world-wide.