I’m not too knowledgeable about cellular equipment, but I was wondering how much of the phone-based data actually gets to the SIM card.

Would it be possible, by sniffing the connection to the card, to listen to the content of calls and mobile data? Or would it be possible to get tower information in a similar format to rayhunter?

I understand there is some encryption, would getting the keys for that enable some of the previous ideas?

  • Natanael@slrpnk.net · 17 days ago

    With older all-symmetric-key SIM cards, with all-symmetric key establishment, you could use it to tap into that. On newer devices, the modem chip and the OS handle the connection, and the SIM card uses asymmetric algorithms to identify the user’s device to the carrier, so you can’t use it to derive call session keys after the fact.

    The card can do other things, but it’s rare for it to actually implement anything but simple protocols to tell the phone how to identify the carrier and how to authenticate against it. In some countries you can use the SIM for payments, etc.