CISPA

SIMurai: Slicing Through the Complexity of SIM Card Security Research.

conference contribution
posted on 2024-08-26, 10:49 authored by Tomasz Piotr Lisowski, Merlin Chlosta, Jinjin Wang, Marius Muench
SIM cards are widely regarded as trusted entities within mobile networks. But what if they were not trustworthy? In this paper, we argue that malicious SIM cards are a realistic threat, and demonstrate that they can launch impactful attacks against mobile devices and their basebands. We design and implement SIMURAI, a software platform for security-focused SIM exploration and experimentation. At its core, SIMURAI features a flexible software implementation of a SIM. In contrast to existing SIM research tooling that typically involves physical SIM cards, SIMURAI adds flexibility by enabling deliberate violation of application-level and transmission-level behavior—a valuable asset for further exploration of SIM features and attack capabilities. We integrate the platform into common cellular security test beds, demonstrating that smartphones can successfully connect to mobile networks using our software SIM. Additionally, we integrate SIMURAI with emulated baseband firmwares and carry out a fuzzing campaign that leads to the discovery of two high-severity vulnerabilities on recent flagship smartphones. We also demonstrate how rogue carriers and attackers with physical access can trigger these vulnerabilities with ease, emphasizing the need to recognize hostile SIMs in cellular security threat models.

Editor

Balzarotti D ; Xu W

Primary Research Area

  • Threat Detection and Defenses

Name of Conference

Usenix Security Symposium (USENIX-Security)

Journal

USENIX Security Symposium

Publisher

USENIX Association

BibTeX

@conference{Lisowski:Chlosta:Wang:Muench:2024,
  title = "SIMurai: Slicing Through the Complexity of SIM Card Security Research.",
  author = "Lisowski, Tomasz Piotr" AND "Chlosta, Merlin" AND "Wang, Jinjin" AND "Muench, Marius",
  editor = "Balzarotti, Davide" AND "Xu, Wenyuan",
  year = 2024,
  month = 1,
  journal = "USENIX Security Symposium",
  publisher = "USENIX Association"
}
