Thread: [Announce] SMScon (control your device with SMS)
View Single Post
zimon is offline zimon
2012-07-14 , 20:39
Posts: 1,341 | Thanked: 708 times | Joined on Feb 2010
#1220
Originally Posted by yablacky View Post
The IMSI is a 15-digit number, appox. 50 bits. I agree, this nowadays is not very secure against brute force attacks.

I tried a lot to access other data on the SIM which requires PIN, e.g. the address book. This could provide more bits to the key. I just had no success yet to query the SIM phone book programmatically Has anybody tried this successfully? It could help a lot.

On the other hand, some may find that 50 bits are enough for their data on the phone. The usual thief or finder would not try to crack it brute force. Those having real sensitive data should of course not protect data using a 15 digit number...


Having more than 15 digits as a truecrypt password is a MUST though. It is way too easy to brute force and anyone could find instructions on the web by asking. Having other info from SIM card behind PIN code is good idea in that case to increase the password length.

Of course three letter agencies, police, operators and those have no problem finding out your IMSI.

Can IMSI be retrieved and SIM-card opened by hacking somehow maybe? Actually there is only 10000 keys to brute force, but normally SIM-card gets locked down after 3 wrong PIN-code attempts.

btw, is there any reason why smscon password has to be in plain text anywhere?
Last edited by zimon; 2012-07-14 at 20:41.
 

The Following 2 Users Say Thank You to zimon For This Useful Post: