As far as I know, it was possible to get the phone keys by shadowing a
server sending an OTA-SMS and generating the SIM key, and then use a phone
(an old Motorola (not even Android) can be used) to emulate the SIM
card of your victim, register in a legal cell network and then
phone/write SMS using your victim's phone number.
At least in Germany, OTA-SMS (over-the-air) are filtered out already, and
if you try to do it, your SIM card will be blocked by the provider (the
SIM you used to shadow the cell network to get the SIM key of your
victim's phone).
Providers even increased the encryption (from DES to 3DES... or
sometimes AES), but the security holes are still there and you can
probably still exploit them in other countries.
There might even be other ways to exploit it.
You are even able to install viruses on your victim's phone using OTA-SMS
and get location data from it.
A few German articles about it:
http://heise.de/-1920898
http://heise.de/-1921565
http://heise.de/-2072666
And an English article:
https://threatpost.com/weak-encryption-enables-sim-card-root-attack/101557
http://www.theguardian.com/technology/2013/aug/01/sim-card-flaw-cellphone-hackers-karsten-nohl
For more articles, search on Google ;)
"sim card attacks"
_______________________________________________
dev-geolocation mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-geolocation