Making the case for smart cards for the average user
Peter Lebbing
peter at digitalbrains.com
Mon Mar 16 11:16:44 CET 2015
On 15/03/15 23:24, Jose Castillo wrote:
> I think it’s encouraging, in a perverse way, to hear that when GCHQ
> sought to compromise SIM card encryption keys [4], they had to resort
> to spying on the employees generating them.
Perhaps the SIM cards are relatively well protected from remote access;
the session keys for GSM communication are not. IIRC, it requires an
on-line attack and would leave traces as soon as GSM network operators
started looking for such attacks, so it's less sneaky. But there were
two interesting talks on the subject at the 31C3:
http://media.ccc.de/browse/congress/2014/31c3_-_6249_-_en_-_saal_1_-_201412271715_-_ss7_locate_track_manipulate_-_tobias_engel.html#video
http://media.ccc.de/browse/congress/2014/31c3_-_6122_-_en_-_saal_1_-_201412271830_-_mobile_self-defense_-_karsten_nohl.html#video
Apparently GCHQ still wanted the SIM keys, though :).
Peter.
--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
More information about the Gnupg-users
mailing list