SIM flaw makes a case for a Secure Mobile Container

Posted some commentary on Bitzer Mobile blog why this moving target of security makes a case for Secure Mobile Container.

Vulnerability in a mobile phone could be beyond just the algorithm, it could be architectural. For example, in the vulnerability researched by Karsten, it is not just the algorithm but the way the phone rejected an unencrypted message by sending an error code along with the card’s 56-bit private key. The private key is decrypted which is then used to create a malicious but “valid” binary SMS message. The attacker modifies the stored data and potentially accesses other areas of the phone which may contain sensitive user data and applications.