• stoy@lemmy.zip
    47
    ·
    3 days ago

    I saw a Defcon talk about SIM cards a few years ago, really interesting stuff.

    Most people treat SIM cards as just an ID to get on a carrier’s network, but they are so much more.

    When SIM cards were developed, they were designed to be the core of your phone, your handset would be just that, a handset that would only run the software on the SIM card.

    SIM cards are small computers, they have a CPU, RAM and storage, they can run apps on the SIM card itself and only present the UI to the phone.

    With my first phones, I remember the contacts being stored on the SIM card itself, it usually took 30-60 sec to load them after a phone restart. But bloody convenient when switching phones, this was way before iCloud and other similar services, and moving your SIM card moved all your contacts as well.

    Since SIM cards are controlled by the operator, they can do stuff that might surprise you. They can act as a trusted source for signing/encrypting/storing data, and the user does not have direct access to tamper with the chip, so security apps have been developed to run on SIM cards. I don’t know the current status on this, but in countries with limited/older infrastructure, this was used for bank security apps: since the SIM is a locked-down system, you can use it to securely store a key, and have the SIM use the key to generate a token, sign requests and even encrypt data, all without the key leaving the SIM.

    Here is the talk I mentioned:

    https://youtu.be/31D94QOo2gY
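An added illustration of the "key never leaves the SIM" pattern described in the comment above; it is not code from the post or from the talk. It assumes HOTP (RFC 4226) for the token and HMAC-SHA256 for request signing, and `SimApplet`, `Bank` and the command names are hypothetical. The isolation a real card gets from hardware is only simulated here by exposing a single command handler.

```python
import hashlib
import hmac
import struct


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 one-time password: HMAC-SHA1 over the counter, then truncate."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class SimApplet:
    """Hypothetical SIM-resident applet: the handset only ever calls handle()."""

    def __init__(self, key: bytes):
        self.__key = key      # provisioned once; no command returns it
        self.__counter = 0    # advances per token, so old tokens go stale

    def handle(self, command: str, data: bytes = b"") -> bytes:
        if command == "TOKEN":
            token = hotp(self.__key, self.__counter)
            self.__counter += 1
            return token.encode()
        if command == "SIGN":
            return hmac.new(self.__key, data, hashlib.sha256).digest()
        raise PermissionError(f"command not permitted: {command}")


class Bank:
    """Verifier holding the same provisioned key and its own counter."""

    def __init__(self, key: bytes):
        self.key, self.counter = key, 0

    def verify_token(self, token: bytes) -> bool:
        ok = hmac.compare_digest(hotp(self.key, self.counter).encode(), token)
        if ok:
            self.counter += 1  # accept each counter value once (no replay)
        return ok

    def verify_signature(self, data: bytes, sig: bytes) -> bool:
        expected = hmac.new(self.key, data, hashlib.sha256).digest()
        return hmac.compare_digest(expected, sig)


if __name__ == "__main__":
    key = b"12345678901234567890"  # constructed sample key (RFC 4226 test secret)
    sim, bank = SimApplet(key), Bank(key)
    token = sim.handle("TOKEN")
    print(token, bank.verify_token(token), bank.verify_token(token))
```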

    • MalReynolds@slrpnk.net
      6
      ·
      3 days ago

      Also the baseband chip for 4G/5G is yet another self-contained computer you don’t control. Shit’s egregious.

    • lechekaflan@lemmy.world
      2
      ·
      3 days ago

      SIM cards are small computers, they have a CPU, RAM and storage, they can run apps on the SIM card itself and only present the UI to the phone.

      Someone once managed to contain a very small webserver in it.