Securing SIM cards: Attacks on SIM cards and their countermeasures
Description:
A Subscriber Identity Module or Subscriber Identification Module (SIM) is an integrated circuit designed to securely store the international mobile subscriber identity (IMSI) number and its related key, which are used to identify and authenticate subscribers during mobile communication.
"SIM cards" are transferable between different mobile devices. A SIM card contains its unique serial number, international mobile subscriber identity (IMSI) number, security authentication and ciphering information, temporary information related to the local network, a list of the services the user has access to, and two passwords: a personal identification number (PIN) for ordinary use, and a personal unblocking code (PUK) for PIN unlocking.
Attacks on SIM cards and their countermeasures
The primary threat to a SIM card is the possibility of cloning. Cloning means reading the contents of a SIM card and writing them into the memory of another SIM card. The opportunity to clone SIM cards could be used for malicious activities. Having received short-term access to the victim's SIM card, an adversary could clone it and thus compromise the legitimate SIM card. If a cloned SIM card is active during the time when the legitimate subscriber is registered in the mobile network, the latter would get its connection cut off and still remain totally unaware of it. In that case, all inbound calls and messages will be directed to the adversary, and they, in turn, would be able to make calls, send messages and browse the Internet on the victim's behalf.
Cryptographic attacks on encryption keys are also possible, and these can compromise the security of the SIM.
The possible countermeasures for SIM-based attacks are given below.
• Set up a PIN for accessing your phone. This is the first line of defense against people trying to break into your phone to obtain information. However, this won't stop someone from taking a SIM out of a stolen phone. A PIN for your SIM will usually consist of two PINs for you to set up and enter correctly; there is also the PUK/PUC (PIN Unblocking Key/Code) that will disable a SIM if a PIN is entered incorrectly (the number of incorrect tries allowed varies).
• Keep your PIN and PUK code in a safe place.
• If you get a missed call from a number with another country's code, or from an odd-looking number such as one starting with #, never call it back.
• Never hand over your physical SIM to an unknown person.
• Never give your personal information through SMS or any other form to any unknown person.
• If you get a call from a telecom company asking about your personal information, do not reveal it.
• Use back-up SIM cards. If you lose your SIM card, you can have a backup with all of your information on it.
• Consider encrypting your web browsing, SMS, voice calls, and if possible your synced accounts.
Note: Please do not reply to this e-mail. For further queries contact
CERT-In Information Desk. Email: info@cert-in.org.in