[Abbenay] 3G security auditing tool?

Leo Nordwall nordwall at interactingarts.org
Mon Oct 26 21:40:58 CDT 2009 

Hi.

If you are interested in mobile phone security, this might be of interest
(or not). It seems like there is a quite specialized piece of equipment for
sale Tradera.com right now for cheap:

PCT 200 - Personal Chipcard Terminal
http://www.tradera.com/auction/auction.aspx?aid=100885062 (ending in a few
hours!)

When I saw this I had no idea what it was and there was very hard to find
information about it on Google. After some research I found out that this is
a tool made by Giesecke & Devrient (G&D), a major provider of electronic ID
systems for banknotes, passports and telecommunications. The only thing I
could find out (looking hard) about what the terminal was to be used for was
interesting: a tool for reading and creating USIM cards from scratch, as
well as testing system responses from simulated attacks made with these
cards. The software can both simulate USIMs or use physical ones, via the
terminal. Physical SIM-cards have the added perk that perhaps could be
tested outside the software environment, it seems.

The software used for this is called UMTS Security Architecture Demonstrator
and was developed as a security testing and demonstration tool, used as
proof-of-concept by the standard commitee. I found the software in a FTP
folder at a university web site along with some cryptic notes (a personal
e-mail and another txt ... hmm). Download link below. They were encrypted
with PGP - but that doesn't help much if you include the txt file with the
password along with the files (I assume it was a separate attachment
from Giesecke
& Devrient who encrypted the program ... and I wonder if they still use the
same password). This stuff and lots of technical specs can be found here:
http://www.isrc.rhul.ac.uk/useca/

I have no idea if this is new or even interesting to anyone else. Not being
a phreaker or anything, I figured still that this might be of interest. I
might be utterly wrong, but - hey, it was kinda fun to do the research
anyhow. Have fun, do your own research and move fast if you think that the
chipcard terminal is of any use. Looked kind of cool though.

/Simulacra

PS. Grab it while it's hot: http://dl.getdropbox.com/u/591572/USECA.rar

More information about the Abbenay mailing list