As 'Roam like at home' starts on June 15th, 2017 within the EU, Norway, Iceland and Liechtenstein, we expect manipulated EFOPL (Operator PLMN List) on UICCs. We got noise from the Darknet.
So, before getting the first case of this issue, we are trying to understand how encryption on the UICC was broken and how additional operators were added and others removed. Encryption on the UICC is not easy to overcome and, as always, my slogan towards 'NFCrime' stands.
The entry point is 3GPP TS 31.102 v14.2.0 (2017-4) at 4.2.59. It depends on each MNO how encryption is put on their UICCs. We are searching for BH, DefCon, CanSec and PHdays indicators of how the Darknet got these tools.
3G encryption TS 55.216
http//
LTE encryption TS 55.241, 55.242, 55.243 (split in 3 TSs)
http//
http//
http//
If you have any helpful thoughts, please PM me.
Thank you in advance.
Is there a website showing as much detailed data as possible, or a login-protected platform, to see which MNO has running roaming contracts? The roaming layer is so non-transparent that a lookup only case by case does not help to learn the mechanics of big MNOs and their changes.
Please help. Thank you.