On 15/03/15 23:24, Jose Castillo wrote: > I think it’s encouraging, in a perverse way, to hear that when GCHQ > sought to compromise SIM card encryption keys [4], they had to resort > to spying on the employees generating them.
Perhaps the SIM cards are relatively well protected from remote access; the session keys for GSM communication are not. IIRC, it requires an on-line attack and would leave traces as soon as GSM network operators started looking for such attacks, so it's less sneaky. But there were two interesting talks on the subject at the 31C3: http://media.ccc.de/browse/congress/2014/31c3_-_6249_-_en_-_saal_1_-_201412271715_-_ss7_locate_track_manipulate_-_tobias_engel.html#video http://media.ccc.de/browse/congress/2014/31c3_-_6122_-_en_-_saal_1_-_201412271830_-_mobile_self-defense_-_karsten_nohl.html#video Apparently GCHQ still wanted the SIM keys, though :). Peter. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at <http://digitalbrains.com/2012/openpgp-key-peter> _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
