These things. For the longest time I thought they were like SD cards and only held subscriber information to get my cell phone on the network. Sit back and let me tell you a geeky story about these things.
All cell phones have SIM cards. In fact some smart phones have two. One is added directly on the circuit board by the manufacturer for payments and futurey stuff. In this picture you can see the standard SIM socket where your network card goes, and a little chip bottom right which handles Google Wallet.
A SIM card contains a bunch of “keys” for authentication. A key is just a really long password. When you switch on your phone, it connects to the nearest cell tower and has a quick conversation to verify your keys and grant you access. It proves that your SIM card belongs to you and your network.
Another key is used to prove that the cell tower belongs to the network. This, in theory, stops someone from setting up a nearby cell tower pretending to be Vodafone or whoever, in the hopes of your phone communicating with it (called a “man in the middle” attack). Neato.
So why two SIM cards in one smart phone? Google and Apple did not want cell networks having control over their encryption keys for payments. It would give away the monopoly. I digress, but I wanted to mention them because smart phones are twice as vulnerable. Anyway…
All these keys are generated from a “master key” held by the SIM card manufacturers. If you don’t have the master key, you cannot generate your own keys and therefore can’t make your own SIM cards for someone else’s cell network. Great! Except…
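To make the key roles concrete, here is an added example that is not part of the original post: a toy model of the attach conversation, with a manufacturer-side key derivation from a “master key”, a tower that must prove it holds the subscriber key before the SIM answers, and a SIM that must then prove the same thing to the network. The HMAC-SHA256 construction, the function names, the master key and the test IMSI are all my own assumptions for the demo; real SIMs use different algorithms (GSM A3/A8 variants, 3G/4G AKA), so treat this as an illustration of who holds which key, not of the actual maths.

```python
import hmac
import hashlib
import os
from typing import Optional, Tuple

# Everything below is constructed for the demo. The scheme is a simplified
# model of mutual challenge-response, not the real SIM algorithms.
MASTER_KEY = b"demo-master-key-held-by-sim-manufacturer"   # constructed value


def derive_ki(master_key: bytes, imsi: str) -> bytes:
    """Manufacturer step: derive the per-subscriber key Ki from the master key.
    Without master_key nobody can mint a Ki that this network will accept."""
    return hmac.new(master_key, imsi.encode(), hashlib.sha256).digest()


def tower_challenge(ki: bytes, rand: bytes) -> Tuple[bytes, bytes]:
    """Network side: send a random challenge plus a token proving the tower
    knows Ki. This token is the 'other key' that lets a phone spot a fake tower."""
    token = hmac.new(ki, b"tower|" + rand, hashlib.sha256).digest()
    return rand, token


def sim_respond(ki: bytes, rand: bytes, token: bytes) -> Optional[bytes]:
    """SIM side: check the tower's token first and abort if it does not verify
    (a tower without Ki cannot compute it). Only then answer the challenge."""
    expected = hmac.new(ki, b"tower|" + rand, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, token):
        return None
    return hmac.new(ki, b"sim|" + rand, hashlib.sha256).digest()


def tower_verify(ki: bytes, rand: bytes, sres: bytes) -> bool:
    """Network side: accept the SIM only if its response matches Ki."""
    expected = hmac.new(ki, b"sim|" + rand, hashlib.sha256).digest()
    return hmac.compare_digest(expected, sres)


def attach(sim_ki: bytes, tower_ki: bytes, rand: Optional[bytes] = None) -> str:
    """Run one attach attempt and report how it ended."""
    rand = rand if rand is not None else os.urandom(16)
    rand, token = tower_challenge(tower_ki, rand)
    sres = sim_respond(sim_ki, rand, token)
    if sres is None:
        return "sim refused tower"        # tower could not prove it holds Ki
    if not tower_verify(tower_ki, rand, sres):
        return "network refused sim"      # SIM could not prove it holds Ki
    return "attached"


if __name__ == "__main__":
    imsi = "001010123456789"                        # constructed test IMSI
    real_ki = derive_ki(MASTER_KEY, imsi)
    rogue_ki = os.urandom(32)                       # tower with no access to Ki
    fake_ki = derive_ki(b"guessed-master", imsi)    # SIM minted without the master key

    print("genuine SIM, genuine tower :", attach(real_ki, real_ki))
    print("genuine SIM, rogue tower   :", attach(real_ki, rogue_ki))
    # A counterfeit SIM fails at the same first step: its wrong Ki cannot
    # validate the real tower's token, so it never gets to attach either.
    print("counterfeit SIM, real tower:", attach(fake_ki, real_ki))
```

The order matters: the SIM checks the tower's token before it reveals anything, so a tower that lacks Ki gets no response at all, and a SIM built from a guessed master key fails that same check because its Ki does not match the network's. That is the property the post is relying on, and it is exactly what collapses once the master key leaks, since a leaked master key lets anyone derive a valid Ki and produce both sides of this exchange.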
Leaked documents show that NSA and GCHQ hacked Gemalto, the largest SIM card manufacturer in Europe, and got copies of the master keys. Whether you love them or hate them, if the NSA can do it so can someone else.
US police forces can use this access to decrypt voice and text communication right now – they can set up a “man in the middle” attack with a fake cell phone tower (passing data onto a real one after recording everything). And there’s more…
SIM cards don’t just store encryption keys. They’re powerful little computers (for their size) which run a mini operating system and Java applets. Actual programs. They run actual programs unknown to the phone’s operating system or to the user. Today it’s kinda useless, you’d think. But no!
You can’t access your SIM card’s Java applets any more on modern smartphones. But your network can. They send over-the-air updates via SMS messages which contain Java applets. Your SIM card receives these SMS messages almost directly from the radio chip on the circuit board and deletes them, before your phone’s OS even realizes what happened, totally unknown to the user. Your network and your government can run anything on your phone without you knowing.
These SIM cards don’t just have direct access to the radio chip, but also NFC, Bluetooth, Wifi and some sensors. The SIM card can access some of these directly without asking the operating system or the user for permission.
With a master key and a few keystrokes it is possible to launch Java applets on a single targeted handset, a bunch of handsets on a single tower, or every handset on a cell phone network. Using “active retroreflection,” this scene from Batman is a very real possibility.
It is illegal to know what your SIM card is running. You would have to reverse engineer your network’s key, or the master key, to gain access to running applications or over-the-air information. This is against the law.
I dream that one day we will own our own hardware again. This is a picture of some guys using a HackRF One to run their own (basic) cellphone network at the Defcon security conference. Very cool. Right now the hardware is expensive and the software is basic/buggy. But it’s open source and every good project starts that way.