{"id":5234,"date":"2016-01-05T07:03:00","date_gmt":"2016-01-05T12:03:00","guid":{"rendered":"https:\/\/me-en.kaspersky.com\/blog\/?p=5234"},"modified":"2019-11-15T15:24:19","modified_gmt":"2019-11-15T11:24:19","slug":"sim-card-history","status":"publish","type":"post","link":"https:\/\/me-en.kaspersky.com\/blog\/sim-card-history\/5234\/","title":{"rendered":"The evolution of the SIM card"},"content":{"rendered":"<p>A SIM card, or Subscriber Identity Module, is a familiar element of a mobile phone. It can be easily swapped or replaced, yet it was not born at the same time as the cellular phone. The first mobile phones used to support only \u2018embedded\u2019 communication standards: the subscription parameters were hard-coded into the mobile terminal\u2019s memory.<\/p>\n<p>The oldest analogue standards like\u00a0<a href=\"https:\/\/en.wikipedia.org\/wiki\/nordic_mobile_telephony\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">NMT-450<\/a>\u00a0did not employ any means of security: the subscription data could be copied into another device and cloned, making it possible to call and accept calls on the rightful owner\u2019s behalf, free of charge.<\/p>\n<p>The first means of security, which was invented a bit later, was the so-called Subscriber Identity Security (SIS) code \u2014 an 18-digit number which was unique to a device and hard-coded into an application processor. SIS codes used to be evenly distributed among the vendors so two devices could not share the same SIS code. 
The processor also stored a 7-digit RID code which was transmitted to a base station when a subscriber registered to a cellular network.<\/p>\n<p>The base station would generate a random number, which, bundled with a unique SIS response, the SIS processor would use to produce the authorization key.<\/p>\n<p>Both keys and numbers were relatively short but adequate for 1994 \u2014 quite predictably, the system was later cracked, just three years before the GSM (Global System for Mobile Communications) standard emerged. It was more secure by design as it used a similar, yet more cryptographically resilient authorization system. The standard thus became \u2018detached.\u2019<\/p>\n<p>This meant that the authorization was then fully performed on an external processor integrated into a smart card. The resulting solution was called SIM. With the introduction of SIM cards, the subscription was no longer dependent on the device so a user could change devices as frequently as wished, while preserving the mobile identity.<\/p>\n<p>A SIM card is basically an\u00a0<a href=\"https:\/\/en.wikipedia.org\/wiki\/iso\/iec_7816\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">ISO 7816<\/a>\u00a0standard smart card and has no significant difference from other contact IC-based cards, like credit cards or phonecards. 
The first SIM cards even had the same size as a credit card, but the overall trend of shrinking dimensions has led to a newer, more compact form.<\/p>\n<p>The traditional full-size\u00a0<a href=\"https:\/\/en.wikipedia.org\/wiki\/Subscriber_identity_module#Full-size_SIM\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">1FF<\/a>\u00a0(1st Form Factor) SIM card would no longer fit into the phone, so the industry invented a simple compatibility solution: a smaller SIM card (mini-SIM, or 2FF, or 2nd Form Factor), which is common for modern users, was placed into a 1FF-size plastic carrier, so the newer form factor confined the chip and the contact arrangements in a smaller footprint and could be easily popped out.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-5237\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2016\/01\/05113041\/sim-card-history-evolution.png\" alt=\"sim-card-history-evolution\" width=\"1280\" height=\"1280\"><\/p>\n<p>Although this shrinking trend continued with micro-SIM (3FF) and then nano-SIM (4FF), the shape and the contact arrangement, as well as the features of embedded chips, have remained the same for nearly 25 years. Large plastic \u2018dummies\u2019 are produced nowadays to accommodate the needs of users who still prefer really old school handsets.<\/p>\n<p>That said, many now outdated devices would not support today\u2019s SIM cards, even if they are full-sized. It comes down to the fact that the operating voltage for earlier SIM cards was 5 V, whereas today\u2019s cards require 3 V. Many SIM manufacturers prefer to trade compatibility for cost, so the majority of modern SIM cards won\u2019t support two voltages. 
That\u2019s why a 3 V-only SIM card would not even work in an old 5 V-only phone, due to its processor\u2019s voltage protection.<\/p>\n<p>While on the production line, certain information is written into the memory of a SIM card: the IMSI (International Mobile Subscriber Identity) in accordance with the carrier who ordered the batch, and a 128-bit key called Ki (Key Identification). Simply put, IMSI and Ki are the subscriber\u2019s login and password respectively, hard-coded into the SIM card chip.<\/p>\n<p>The correspondence between a subscriber\u2019s IMSI and the phone number is stored in a special database called HLR (Home Location Register). 
This data is copied into another database, VLR (Visitor Location Register) in each segment of the network, based on the subscriber\u2019s temporary \u2018guest\u2019 registration to another base station.<\/p>\n<p>The authorization process is quite simple. When a subscriber is registered to the temporary database, VLR sends a random 128-bit number (RAND) to the phone number. The SIM card processor uses the A3 algorithm to generate a 32-bit response (SRES) to VLR, based on the RAND number and Ki. If VLR gets a matching response, the subscriber becomes registered in the network.<\/p>\n<p>SIM also generates another temporary key called Kc. Its value is calculated based on the above-mentioned RAND and Ki with the help of the A8 algorithm. That key, in turn, is used to encrypt transmitted data by means of the A5 algorithm.<\/p>\n<p>Sounds a bit complicated because of oh so many acronyms and all. 
But the basic idea is pretty simple: firstly you have a login and password hard-coded into the SIM, secondly you create verification and encryption keys with a couple of math tricks, and that\u2019s it \u2014 you\u2019re connected.<\/p>\n<p>The encryption is always enabled by default; however, in certain circumstances (for instance, provided a warrant) it is switched off, making it possible for an intelligence agency to intercept phone conversations. In that case, an old-school handset displayed an open padlock, whereas modern phones (except Blackberry) never demonstrate anything of the sort.<\/p>\n<p>There is an attack specifically designed to intercept phone conversations; in order to perform the attack, an adversary needs a device called\u00a0<a href=\"https:\/\/en.wikipedia.org\/wiki\/IMSI-catcher\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">IMSI Catcher<\/a>. 
It emulates a base station and registers connecting phones, then forwards all signals to a real base station.<\/p>\n<p>In this case, the entire authorization process flows in the normal mode (there is no need to crack the encryption keys), but the faux base station urges the handset to transmit in a plaintext mode, so an adversary can intercept signals without the carrier\u2019s and subscriber\u2019s knowledge.<\/p>\n<p>Funny as it seems, this \u2018vulnerability\u2019 is not a vulnerability; in fact, this feature was designed to be there from the start, so intelligence services could perform\u00a0<a href=\"https:\/\/www.kaspersky.com\/blog\/man-in-the-middle-attack\/1613\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">Man-In-The-Middle<\/a>\u00a0attacks when appropriate for the case.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A SIM card, or Subscriber Identity Module, is a familiar element of a mobile phone. It can be easily swapped or replaced, yet it was not born at the 
same<\/p>\n","protected":false},"author":540,"featured_media":5235,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[5],"tags":[1101,1102,1014,261,546,1103,97,843,949,321],"class_list":{"0":"post-5234","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-news","8":"tag-cellular","9":"tag-cellular-connection","10":"tag-communication","11":"tag-encryption","12":"tag-history","13":"tag-mobile-networks","14":"tag-security-2","15":"tag-sim","16":"tag-sim-cards","17":"tag-technology"},"hreflang":[{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/sim-card-history\/5234\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/sim-card-history\/6473\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/sim-card-history\/6553\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/sim-card-history\/6493\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/sim-card-history\/7438\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/sim-card-history\/7164\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/sim-card-history\/10189\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/sim-card-history\/10909\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/sim-card-history\/5149\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/sim-card-history\/5901\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/sim-card-history\/6675\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/sim-card-history\/9934\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/sim-card-history\/10189\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/sim-card-history\/10909\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/sim-card-history\/10909\/"}],"acf":[],"banners"
:"","maintag":{"url":"https:\/\/me-en.kaspersky.com\/blog\/tag\/cellular\/","name":"cellular"},"_links":{"self":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/5234","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/540"}],"replies":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=5234"}],"version-history":[{"count":2,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/5234\/revisions"}],"predecessor-version":[{"id":14902,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/5234\/revisions\/14902"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/5235"}],"wp:attachment":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=5234"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=5234"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=5234"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}