Fertile
Bluelighter
- Joined
- Mar 31, 2022
- Messages
- 1,627
In the 90s Sprint produced mobile phones that did not contain a SIM. the functions of a SIM were emulated in software. Given the CPU in a SIMs seems to be an ARM CPU (originally an ARM7 (ARMv3) and more recently ARM SecurCore (ARMv7) running at 8-20MHz, it's reasonable for a modern smartphone to emulate the SIM (and prevent microjava applets from being remotely downloaded to it).
I ASSUME that sine people can change the IMEI with a cable & PC software, generating a unique IMEI number every call would not be an issue.
But ICCID is more interesting. It tells the exchange what account a given phone is connected to. If one had a list of say 10,000 subscriptions and each time it randomly picks one, it would be very hard to trace.
It would require a lot of hacking, programming, planning and infrastructure BUT I am not convinced by Telegram or indeed ANY of the supposedly 'secure' mobile phones.
It goes without saying that a post-quantum (quantum resistant) key exchange would be used along with various tricks used by Tails such as restarting the device empty - all previous sessions destroyed.
It's not that I'm up to no good but I KNOW that dodgy MicroJava applets have found their way into SIMs. SecurCore does help a bit although I note that it has a significant weakness AND due to how memory allocation works, it's possible to place a small block of asembly language code ATRER the MicroJava applet and that it's easy for a MicroApplet to drop back into native assembly language. Put simply - one can place malware onto a SIM.
I ASSUME that sine people can change the IMEI with a cable & PC software, generating a unique IMEI number every call would not be an issue.
But ICCID is more interesting. It tells the exchange what account a given phone is connected to. If one had a list of say 10,000 subscriptions and each time it randomly picks one, it would be very hard to trace.
It would require a lot of hacking, programming, planning and infrastructure BUT I am not convinced by Telegram or indeed ANY of the supposedly 'secure' mobile phones.
It goes without saying that a post-quantum (quantum resistant) key exchange would be used along with various tricks used by Tails such as restarting the device empty - all previous sessions destroyed.
It's not that I'm up to no good but I KNOW that dodgy MicroJava applets have found their way into SIMs. SecurCore does help a bit although I note that it has a significant weakness AND due to how memory allocation works, it's possible to place a small block of asembly language code ATRER the MicroJava applet and that it's easy for a MicroApplet to drop back into native assembly language. Put simply - one can place malware onto a SIM.