Intercepting Mobile-ID SIM Toolkit Calls On Android

Date

2023

Journal Title

Journal ISSN

Volume Title

Publisher

Tartu Ülikool

Abstract

This thesis investigates the security risk of intercepting Mobile-ID SIM Toolkit calls on Android. The investigation is done by modifying the Android operating system with malware. Through an in-depth analysis of the communication protocol between an Android phone and a SIM card, this study demonstrates that attackers who have gained access to the victim’s phone through illegitimate apps or other exploits with root privileges may be able to remotely control Mobile-ID operations by intercepting SIM card communications. From there on, the system could complete all Mobile-ID transactions surreptitiously and automatically. This thesis aimed to research the security architecture of Android OS concerning Mobile-ID and discuss possible options that a malware creator would have to implement to achieve SIM command intercepting capabilities.

Description

Keywords

Mobiil-ID, SMS, SIM-kaart, Malware, Android

Citation