17

The laptops in use at my company have SIM card slots, which are actually used by some of our users. I am threat modeling our devices, so I was wondering if there are any realistic exploits that can be used on these laptops, no matter if the users use a SIM card or not.

According to this question, it is in theory possible for malware to be stored on SIM cards, although unlikely. This question was about phones, while I am asking about laptops, but I imagine that if an exploit for phones exists, then an exploit for laptops is also possible and maybe even likely. However, the answers only mentioned that it is possible in theory, but there were no examples given.

So, my question is whether there are any real-life examples, or even just proofs of concept, for malware like this.

Thank you.

Soufiane Tahiri
lauraaaaa

3 Answers

16

TL;DR: For laptops, you should be fine.

  • Networks: no advantages that couldn't be gained more easily through the Ethernet port. Can be fixed by having a BIOS password and an encrypted drive (not a threat).
  • JavaCard applications: Your computer won't run these. They run on phones and the modem in your laptop likely just issues standard AT commands and doesn't implement the menu / control interface.
  • Access to the operating system: While the SIM card is a computer of its own accord, it has a very limited interface (it is a hardware security device) and would just communicate with the modem in the laptop. If someone wanted to be able to hack the modem, they would need to find a specific vulnerability in your particular modem. This is getting to new heights of hypothetical, and even then your modem is just talking to the operating system through a standard, secure driver.
Glorfindel
James Stone
    JavaCard runs on the SIM, so it's possible for it to run when the SIM is connected to a laptop, but you're right, the laptop probably won't implement the UI. And there isn't much it can do with the modem API. – user1937198 Dec 08 '20 at 13:34
3

From my perspective this is a non-realistic scenario, and here is the list of reasons why I think your case is more a theoretical issue than a real one.

  1. SIM cards contain code and a very small amount of memory for storing information. Check information about Gemalto, for example, which is a vendor of SIM cards. Also, the information is written by the vendor.

  2. A virus on the SIM implies that you need to code a multi-platform virus, because if you have a Samsung, for example, which is ARM architecture and the Linux operating system, your virus should have that code written on the SIM card.

  3. The SIM card doesn't have direct access to the operating system; it is like a service, if you want to understand it that way. So you will need an extra program that reads the code of the virus, copies it to the host and executes it.

Probably there are more things. Hope it helps to clarify.

camp0
1

After an attacker compromises the SIM, he can easily become an alternative to your default gateway. This allows him to perform a man-in-the-middle attack against all vulnerable protocols, like NTLM relaying in a Windows network, which, by relaying the challenge-response between a few workstations/servers, may gain a session with zero initial credentials. Additionally, if you rely on SIM card secrets for authentication purposes (VPN or any other access), these could also be cloned: https://www.youtube.com/embed/scArc93XXWw

nusch
    "easily" - citation needed – OrangeDog Dec 08 '20 at 16:38
  • https://www.etsi.org/deliver/etsi_ts/102200_102299/102223/13.01.00_60/ts_102223v130100p.pdf Page 60 – nusch Dec 10 '20 at 23:00
  • The word "gateway" does not appear on that page, and I'm not familiar with the technical jargon in use. Are you saying that the SIM can force the phone to use it as a proxy server for mobile data connections? As far as I can tell, that section is about allowing applications on the SIM to talk to peripherals (e.g. security tokens), not about routing the phone's own traffic. – OrangeDog Dec 11 '20 at 10:05
  • I'm not saying the SIM necessarily needs to be a proxy (it could if you have enough space for an appropriate cardlet), but that it has control over mobile terminal settings. And the above document is not jargon; it's a standard compatible with Global Platform. The OS and baseband trust the SIM in so many places that you can safely assume it can control it. One sample scenario for Android: https://source.android.com/devices/tech/config/carrier – nusch Dec 13 '20 at 16:06
  • of course it's jargon. It's a technical specification document, not a pop-sci blog. – OrangeDog Dec 13 '20 at 17:53
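
The answers and comments above disagree about how much a SIM can ask of the device it sits in, and one comment cites ETSI TS 102 223. As an added example (not written by any participant in this thread), this Python decoder reads a SIM "proactive command" from a captured trace and classifies it for audit as network-affecting or local. The tag and command-type values are assumptions based on my reading of TS 102 223, the function names are hypothetical, and the two byte strings are constructed samples cut down to their first TLVs.

```python
# Added example, not code from the thread. Tag and command-type values follow
# my reading of ETSI TS 102 223; the byte strings are constructed samples.
NETWORK = {0x10: "SET UP CALL", 0x13: "SEND SHORT MESSAGE",
           0x15: "LAUNCH BROWSER", 0x40: "OPEN CHANNEL", 0x43: "SEND DATA"}
LOCAL = {0x01: "REFRESH", 0x21: "DISPLAY TEXT", 0x25: "SET UP MENU",
         0x26: "PROVIDE LOCAL INFORMATION"}
DEVICES = {0x01: "keypad", 0x02: "display", 0x81: "UICC",
           0x82: "terminal", 0x83: "network"}

SAMPLE_OPEN_CHANNEL = bytes.fromhex("d009810301400182028182")
SAMPLE_DISPLAY_TEXT = bytes.fromhex("d0108103012180820281028d050474657374")


def read_length(buf, pos):
    """BER length: one byte up to 0x7F, or 0x81 followed by one byte."""
    if pos >= len(buf):
        raise ValueError("truncated length")
    if buf[pos] <= 0x7F:
        return buf[pos], pos + 1
    if buf[pos] == 0x81 and pos + 1 < len(buf):
        return buf[pos + 1], pos + 2
    raise ValueError("unsupported length encoding")


def decode_proactive(apdu):
    """Return the command name, audit class and destination device."""
    if not apdu or apdu[0] != 0xD0:          # 0xD0 = proactive command tag
        raise ValueError("not a proactive command")
    total, pos = read_length(apdu, 1)
    end = pos + total
    if end > len(apdu):
        raise ValueError("truncated command")
    out = {"command": None, "class": None, "destination": None}
    while pos < end:
        tag = apdu[pos] & 0x7F               # drop the comprehension-required bit
        length, pos = read_length(apdu, pos + 1)
        if pos + length > end:
            raise ValueError("TLV overruns command")
        value, pos = apdu[pos:pos + length], pos + length
        if tag == 0x01 and length == 3:      # command details: number, type, qualifier
            ctype = value[1]
            out["command"] = NETWORK.get(ctype) or LOCAL.get(ctype) or f"unknown 0x{ctype:02X}"
            out["class"] = "network" if ctype in NETWORK else "local" if ctype in LOCAL else "unknown"
        elif tag == 0x02 and length == 2:    # device identities: source, destination
            out["destination"] = DEVICES.get(value[1], f"0x{value[1]:02X}")
    return out
```

Run over a modem or SIM-interface trace from a managed laptop, the `class` field shows whether the card ever issues anything beyond local commands, which is the evidence a threat model for these devices needs.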