Message-ID: <CADbNDXHAZ_gj7tBVTC_iZjmMAfDFJzjGxLHim8KXpywwWzOOkA@mail.gmail.com>
Date: Fri, 4 Oct 2024 12:42:06 +0200
From: Security Explorations <contact@...urity-explorations.com>
To: fulldisclosure@...lists.org
Subject: [FD] Some SIM / USIM card security (and ecosystem) info

Hello All,

Those interested in SIM / USIM card security might find some information at our spin-off project page dedicated to the topic potentially useful:

https://security-explorations.com/sim-usim-cards.html

We share there some information based on the experiences gained in the SIM / USIM card security space, all in a hope this leads to the increase of public awareness on the topic, change perspective on the SIM / USIM card industry and potentially trigger some positive changes (such as introduce transparency in vulnerability handling processes in particular).

The page includes the following (among others):

- some guidelines for 3rd parties sharing similar security concerns about SIM cards security as we do (rationale for checking things / demanding information from vendors),
- notes summarizing key areas for in-depth security investigation, which may be perceived in terms of a TODO / CHECK list for independent security evaluators (labs), researchers, MNOs or product security teams,
- the impact of a disclosure of 2019 flaws affecting some real-life 3G cards [1][2].

Finally, there is some info on "security through obscurity" implemented by the industry (such as no sale policy to security companies), which should serve as a warning sign for all concerned parties (GOVs and MNOs in particular).

Thank you.

Best Regards,
Adam Gowdiak

----------------------------------
Security Explorations - AG Security Research Lab
https://security-explorations.com
----------------------------------

References

[1] SE-2019-01-GEMALTO, Issues #19 and #33
    https://security-explorations.com/materials/SE-2019-01-GEMALTO.pdf
[2] SE-2019-01-GEMALTO-2, Issue #34
    https://security-explorations.com/materials/SE-2019-01-GEMALTO-2.pdf

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/