Security assessment of mobile networks by data extraction from SIM cards via AT commands
In the last two decades the growth of the mobile phone industry has been significant. This growth has led to the usage of mobile devices for everyday actions such as communication, banking, networking etc. It is common knowledge that the more a service is used, the more attackers will try and exploit it. The improvement of computers’ processing power has made security measures, which once were adequate, easy to overcome. Moreover, mobile service providers are not up-to-date with the latest standards mainly for two reasons. The first reason is that mobile carriers purchase their equipment and once it is installed it acts as a black box, meaning that the provider does not interfere with the equipment’s internals. The second reason is that in order to improve security for the mobile services the provider offers, there need to be a tradeoff and waste more resources. The need for more processing power will lead to a more expensive functioning of the infrastructure and this means less profit for the provider. This thesis documents the attempt to extract information about the mobile networks from the mobile’s SIM card. With the use of AT Commands it was made possible to extract security related data and perform a security assessment in the current state of the mobile service networks. Using custom made tools, a database of logs was built and processed in order to arrive to conclusions.