undefined | Better HN

0 pointszenexer6y ago0 comments

Google and Apple can't do anything to mitigate this.

Edit: The following is incorrect. SIM cards are self-contained computers. Among other things, they're responsible for encrypting and decrypting communications between your phone and your carrier. This means that a SIM card will see the contents of a message before your OS or other hardware in your phone does. These exploits should work just as well against "dumb" phones as smartphones because they're not attacking the actual phones.

This API exists because SIM cards are self-contained computers; they need a way to communicate with everything else.

0 comments

0b00016y ago

That's not the case. SIM cards hold the permanent key for authentication and perform key derivation. Mobile data doesn't pass the SIM card; it does not perform the encryption and decryption.

zenexerOP6y ago

Good point--I tend to forget that. The rather vague article seems to indicate the actual SMS content is being sent to the SIM, though. Why is that?

opless6y ago

Dumb/feature phones saved SMS messages to the SIM card as simple cards have a limited amount of memory that is dedicated to a crude phonebook and SMS store. Smartphones and smarter feature phones (can) use their own storage for that. You could disable/enable the phonebook/save to SIM features on feature phones and early smartphones.

(I'm talking about win CE and symbian phones being early smartphones here)

GMLOOKO6y ago

j / k navigate · click thread line to collapse