5

Reason for this question:

This article regarding NSA / GCHQ SIM Hacking) states some manufacturers of SIM-Card have been hacked to steal SIM-Card "Ki". I want to know the likelihood of the SIM-Cards I deal with being compromised.

Is it possible for me to identify the manufacturer of a given SIM Card?
If yes: How?

EDIT:

Someone mentioned the text printed on the SIM-Card:

Is there any way to identify the Manufacturer if these markings are gone because the Card was cropped to fit in a smaller socket?

I know that there is no such thing as absolute security even if the Cards i deal with are not from Gemalto. But i am still curious if the Cards i deal with are certainly compromised.

M C
  • 161
  • 1
  • 6
  • I've added a paragraph to my answer, including a Google images search, that might help you figure out who made your SIM card. – John Deters Feb 25 '15 at 03:37
  • You could put the SIM card into a standard smart card reader and Google its ATR, that would definitely give you a hint about the manufacturer. –  Feb 25 '15 at 03:57

3 Answers3

5

The manufacturer of the card may be printed on the carrier card. When SIM cards are made, they're produced in a standard credit-card shaped plastic card, with a punch-out slot that contains the SIM itself. This outer plastic card may have printing on it that shows who the manufacturer is.

Also, the shape of the circuit pads is proprietary to each manufacturer. Gemplus, the predecessor to Gemalto, used to embed their company name in tiny letters in the copper, at the top of the center area which they shaped like a lozenge. However, I was unable to find a definitive site that shows a catalog of each manufacturer's circuit pad shapes.

You might be able to figure it out by examining pictures yourself. I searched Google Images for "gemalto sim cards" and found a lot of pictures of the circuit pads. Look at the shape of each of the contact pads. Notice how the center pad can be shaped like an O, an 8, a J, it can be rectangular or rounded, squared, or even elaborate diamond shapes. Different card makers have different shapes.

Be careful not to believe every picture you see associated with Gemalto, as many are generic pictures of SIM cards that are being added to articles associated with the current news event. But if you see a picture of a card that has the name "Gemalto" (or other chip manufacturer) printed on the plastic, you can be sure that's the design of their pads.

Regardless of who made your card, you have no way of knowing if the Ki was compromised. Gemalto is just the biggest player in the field, so it's unsurprising they were hit. But that doesn't mean other card manufacturers weren't hit.

John Deters
  • 33,650
  • 3
  • 57
  • 110
3

Keep in mind that the report only identified a single manufacturer, but that does not mean that other unidentified manufacturers were not compromised as well. While identification of the manufacturer of the SIM card may identify it as being a victim of THIS breach, it does not mean that other, non-reported breaches did not occur as well.

Given the capabilities of the organizations involved, there is a high probability that most cards have been compromised.

h2oliu
  • 91
  • 3
2

Insert the SIM card into a standard smart card reader and Google its ATR string, that will definitely give you, at least a hint about the manufacturer if not more.

  • This is a valuable hint! I didn' know about ATR strings. This might actualy work. All i need is a smartcard-reader and a [Parser](http://smartcard-atr.appspot.com/) or [List](http://ludovic.rousseau.free.fr/softwares/pcsc-tools/smartcard_list.txt) of ATR strings. Thank you. – M C Feb 25 '15 at 08:31