SIM Cards attacks using Over-the-Air Updates

July 22, 2013 | Posted in News | By

The attack is a combination of both insecure communication method of SIM cards update with OTA STK procedure; and vulnerability in Java version running on the SIM card.

Industry reality is:

  • Number of affected card is not very high, limited to old cards. Often it’s 3DES being used.
  • The Binary SMS required to deliver the attack are often filtered at operator’s boundary, thus stopping the attack.

Hijacking SIM Cards through Over-the-Air Updates | Symantec Connect Community.

Rooting SIM cards.

DES encryption leaves SIM cards vulnerable to exploitation | ZDNet.

News and Threat Research Millions of SIM cards vulnerable to remote compromise | Fortinet Blog.


Read More →

Huawei routers cracked open. The best backdoor may be a plausible-looking vulnerability

October 11, 2012 | Posted in News | By

Felix “FX” Lindner from Recurity / Phenoelit has found many vulnerabilities into the Huawei low-end to middle-end routers.

Huawei’s problem? It ain’t the secret backdoors but wide-open front doors | David Akin’s On the Hill.

FX’s slides on Huawei routers vulnerabilities

Read More →