Penetration Testing mailing list archives
Re: Questions on GSM Penetration test
From: M Lister <mlist () m-net arbornet org>
Date: Sat, 26 Jan 2002 09:16:02 -0500 (EST)
2. You can copy a sim card.
Please forgive me if this sounds naive, but I was under a *STRONG* impression that it is practically impossible to copy a smart card. [Isnt that what is used as a SIM card]. From the little that I know of smart cards, security is their forte. I know absolute security is an unknown concept but still copying a smart card, wouldnt that be too difficult?? Wouldnt the cost involved in doing so probably be more than the benefits? A smart card can deny access to certain memory regions based on how it is programmed. A card that has crappy programming can be exploited, but would this statement of yours always be true. If yes, I would love a small explanation.
3. You can eavesdrop comunications between basestations.
Out of plain curiosity, is the data encrypted while in transit. I asked the dealer here in my country who promptly replied YES, but I doubt he had even a vague idea of what I was talking about. Given the amount of data and the required level of low latency in cell phones and the fact SIM cards are no Crays, I would *LOGICALLY* doubt it. But then I would love to be sure. Also if some one were to sniff/eavesdrop such a conversation, how would he go about doing it? I am not asking for the exact info but a generic example would be wonderful. With regards, M ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- Detecting if SecureIIS from Eeye is installed Sacha Faust (Jan 22)
- Re: Detecting if SecureIIS from Eeye is installed Ryan Permeh (Jan 23)
- Questions on GSM Penetration test ricci_ieong (Jan 24)
- Re: Questions on GSM Penetration test Tom Buelens (Jan 25)
- Re: Questions on GSM Penetration test M Lister (Jan 26)
- Re: Questions on GSM Penetration test Tom Buelens (Jan 27)
- Re: Questions on GSM Penetration test M Lister (Jan 27)
- Re: Questions on GSM Penetration test Tom Buelens (Jan 27)
- RE: Questions on GSM Penetration test Fernando Cardoso (Jan 28)
- Re: Questions on GSM Penetration test Wouter Slegers (Jan 31)
- Questions on GSM Penetration test ricci_ieong (Jan 24)
- Re: Detecting if SecureIIS from Eeye is installed Ryan Permeh (Jan 23)
- Re: Questions on GSM Penetration test Martin Tomasek (Jan 27)
- Re: Questions on GSM Penetration test John Adams (Jan 28)
- Message not available
- Re: Questions on GSM Penetration test Emmanuel Gadaix (Jan 27)