
CAPEC-614: Rooting SIM Cards

Abstraction: Detailed
Status: Draft
Severity: High

Description

SIM cards are the de facto trust anchor of mobile devices worldwide. The cards protect the mobile identity of subscribers, associate devices with phone numbers, and increasingly store payment credentials, for example in NFC-enabled phones with mobile wallets. This attack leverages over-the-air (OTA) updates deployed via cryptographically-secured SMS messages to deliver executable code to the SIM. By cracking the DES key, an attacker can send properly signed binary SMS messages to a device, which are treated as Java applets and are executed on the SIM. These applets are allowed to send SMS, change voicemail numbers, and query the phone location, among many other predefined functions. These capabilities alone provide plenty of potential for abuse.

Related weaknesses (1)

CWE-327

Related attack patterns (1)

CAPEC-186 (ChildOf)

Exploits (1)

Type | Target | Confidence | Tier
Weakness | Use of a Broken or Risky Cryptographic Algorithm (CWE-327) | 100% | live

Related by meaning (6)

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC: Root/Jailbreak Detection Evasion via Debugging
CAPEC: Root/Jailbreak Detection Evasion via Hooking
CAPEC: Mobile Device Fault Injection
CAPEC: Mobile Phishing
CAPEC: Cryptanalysis of Cellular Encryption
CAPEC: Cellular Traffic Intercept

Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.