We're sorry but this page doesn't work properly without JavaScript enabled. Please enable it to continue.
Feedback

The Secret Life of SIM Cards

Formal Metadata

Title
The Secret Life of SIM Cards
Subtitle
writing, building, loading, and using code on SIM cards.
Title of Series
Number of Parts
112
Author
License
CC Attribution 3.0 Unported:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Identifiers
Publisher
Release Date
Language

Content Metadata

Subject Area
Genre
Abstract
SIM cards can do more than just authenticate your phone with your carrier. Small apps can be installed and run directly on the SIM separate from and without knowledge of the phone OS. Although SIM Applications are common in many parts of the world, they are mostly unknown in the U.S. and the closed nature of the ecosystem makes it difficult for hobbyists to find information and experiment. This talk, based on our experience building SIM apps for the Toorcamp GSM network, explains what (U)SIM Toolkit Applications are, how they work, and how to develop them. We will explain the various pieces of technology involved, including the Java Card standard, which lets you write smart card applications using a subset of Java, and the GlobalPlatform standard, which is used to load and manage applications on a card. We will also talk about how these applications can be silently loaded, updated, and interacted with remotely over-the-air. Karl Koscher (@supersat) is a PhD student studying security and privacy at the University of Washington. His research covers a wide variety of areas, but he primarily focuses on security for embedded systems. Most recently, he was one of the primary researchers that demonstrated that modern cars are vulnerable to multiple remote exploits, which can affect nearly every physical system in the car. Eric Butler (@codebutler) is a software engineer with an interest in security, privacy, and usability. He's known for creating Firesheep, an easy to use tool that clearly demonstrated the risks of HTTP session hijacking attacks, and prompted major websites including Facebook, Twitter, and Hotmail to improve their security. He also created FareBot, an Android app that reads data from common NFC transit cards sparking a discussion around the privacy of these systems.