I hate to be that guy, and without actually trying to start a flamewar or "who's better", I find it really interesting that Americans are so great at marketing things; the German stuff works, but usually looks crappy. Here's a CCC talk from 2011 on the topic [1]
You could observe the same thing when the CCC guys had their first GSM phones. Someone just showed up with a base station in the trunk of his car. Compare that with the huge buzz that went around the same thing at DEFCON a couple of years ago. The DEFCON truck definitely looked WAY cooler.
But on topic, what's actually really scary about this is that even newer smartphones would allow SIM exploits to roam free. Contrary to what you may think, it's not just old phones.
EDIT: While technically not exactly the same as opensimkit, here's an answer to the why question posed by Jacob Appelbaum. I suspect the same applies here (and it's not really a bad reason either).
The CCC talk looks cool for digging into more of what's possible as well as actually building their own serial interface, but the DEFCON talk is more interesting from the perspective that they actually got their own virgin SIMs and implemented their own app.
In Kenya, the SIM card application is very important as most telecommunication companies have important services that they offer through the application. These include Mpesa, Airtel Money, YU Cash and Orange Money among other services.
The iPhone has a menu option within Settings > Phone > Sim Applications where these are displayed. I haven't seen this on other SIM cards.
In Australia this is how you used to top-up prepaid phones with a credit card or check your balance. You can probably still use SIM applications to do it now but it seems to be mostly replaced by web portals.
Yeah. Telstra prepaid still do the phone driven menu, where you "call" a number, but instead of voice a text menu pops up on your phone. It's quite nice actually. I think they're called USSD menus?
Tanzania? Not so sure. What I've seen in Dar is that the way to access mobile money, for instance, is to dial 150XX# to access services. SIM Toolkit applications, on the contrary, present as regular phone applications (albeit limited by the SIM Toolkit capabilities).
It reminds me of my good days programming SIM cards. I was the founder of a startup in Brazil that made good use of SIM card programming to store two numbers on the same SIM card; around 2010 it was cool and profitable. The thing is that I managed to insert a local IMSI and a North American IMSI registered on the same card, so everyone who traveled abroad could be free of expensive roaming charges. Then we sold the company and nowadays they are a reseller for some major carrier in the US =)
I travel a lot and use a hacked up Chinese phone since it supports dual SIM pretty well but I'd rather use an iPhone. Unfortunately I want both my US and UK numbers and contacts slightly more.
It's not impossible, large carriers are still using DES to sign the OTA updates. Using rainbow tables you can crack the key and install an app which can break out of the sandbox and read the ki and IMSI.
Apps that run directly on the SIM card are relatively unknown in the US. We (in Canada) normally download apps that run on the phone's OS, like Android or iOS apps. Running apps directly on the SIM card is very unlikely.
I played around with a TurboSim for a while too, back when I was testing out a SIM card 'firewall' that would block the carrier-programmed SIM from responding to OTA updates or type-0 stealth SMS and other bad things: http://www.bladox.com/. Then phones with wifi that didn't require a SIM came out.
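Added example, not part of the comment above and not Bladox code: the header check a SIM-side filter of this kind has to make on each incoming SMS-DELIVER TPDU, using the TP-PID values from 3GPP TS 23.040 (0x40 for Short Message Type 0, 0x7F for SIM data download). The function names, the sample TPDUs and the phone number in them are constructed for illustration.

```python
"""Classify an SMS-DELIVER TPDU by its TP-PID / TP-DCS header fields."""

PID_TYPE0 = 0x40          # TP-PID: Short Message Type 0 ("silent" SMS)
PID_SIM_DOWNLOAD = 0x7F   # TP-PID: (U)SIM Data Download, the OTA delivery path


def message_class(dcs):
    """Return the message class (0-3) encoded in TP-DCS, or None if absent."""
    if (dcs & 0xC0) == 0x00 and (dcs & 0x10):  # general group, class bits valid
        return dcs & 0x03
    if (dcs & 0xF0) == 0xF0:                   # data coding / message class group
        return dcs & 0x03
    return None


def classify(tpdu_hex):
    """Parse the TPDU header (no SMSC prefix) and return a verdict dict."""
    tpdu = bytes.fromhex(tpdu_hex)
    if len(tpdu) < 2 or (tpdu[0] & 0x03) != 0:   # TP-MTI 00 = SMS-DELIVER
        raise ValueError("not an SMS-DELIVER TPDU")
    oa_octets = (tpdu[1] + 1) // 2               # TP-OA length is in digits
    pid_at = 3 + oa_octets                       # skip first octet, len, TOA, digits
    if len(tpdu) < pid_at + 2:
        raise ValueError("truncated TPDU")
    pid, dcs = tpdu[pid_at], tpdu[pid_at + 1]
    if pid == PID_TYPE0:
        verdict = "type0"
    elif pid == PID_SIM_DOWNLOAD:
        verdict = "sim-download"
    else:
        verdict = "normal"
    return {"verdict": verdict, "pid": pid, "msg_class": message_class(dcs)}


# Constructed sample TPDUs: sender +15555550100, fixed timestamp.
HEADER = "0B915155550501F0"
SCTS = "42107051000000"
SAMPLES = {
    "text":  "04" + HEADER + "00" + "00" + SCTS + "02" + "E834",
    "type0": "04" + HEADER + "40" + "00" + SCTS + "00",
    "ota":   "44" + HEADER + "7F" + "F6" + SCTS + "03" + "027000",
}

if __name__ == "__main__":
    for name, pdu in SAMPLES.items():
        print(name, classify(pdu))
```

Message class 2 in TP-DCS on its own only means "store on SIM"; it is the combination with TP-PID 0x7F that routes the payload to the card.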
There are also USSD menus which I hadn't heard of before going to Asia. It was used by carriers there to provide an alternative to voice menus to topup and buy addons. In India there is a company providing access to Facebook over it:
This really isn't that accurate anymore. Verizon Wireless, which is the largest carrier in the US right now, uses sim cards in all of their LTE devices. Behind them is AT&T which of course is completely GSM and T-Mobile. Sprint, well... they're there.
They did not mention who was their SIM vendor but each SIM vendor is using their own design for the metal contacts. One could find which vendor was trying to sell them the software which they did not own for $600.
We need to get rid of the SIM card and the closed basebands if we ever want to save the internet / PC / FOSS that permitted this open ecosystem... #KeysToTheUsers
Yes. The memory space is very limited, which is why you can't code with String, int, or garbage collection. As mentioned in the video, the dev environment is limited and it allows compiling complex applications to a very small binary.
It seems it would be a lot of fun to hack on these with some version of Lua. A reference counted variant might be more suitable.
Haven't had a chance to watch the presentation, perhaps it's already answered there: are these totally locked down, or is it within the realms of possibility to take out the SIM card from an average GSM phone and start poking around, adding one's own applications?
[1] http://events.ccc.de/camp/2011/Fahrplan/events/4427.en.html
EDIT: While technically not exactly the same as opensimkit, here's an answer to the why question posed by Jacob Appelbaum. I suspect the same applies here (and it's not really a bad reason either).
https://mailman.stanford.edu/pipermail/liberationtech/2013-J...