What I'm curious about is what Nohl meant when he said that it would take six months from the time of his presentation at Black Hat for crackers to develop working exploits based on his findings. And if he is (as the article suggests) working with the phone companies, why not simply wait until they've implemented their patches (if they in fact need them)?
If indeed it is as simple to force a SIM to run these malicious applets as using some sort of rainbow-table-powered replay attack, what would be the challenge? Or perhaps he was referring to the more lucrative aspect of breaking out of the SIM sandbox...
Maybe creating the rainbow tables? [I'm not familiar with any of the details here FWIW, just guessing as that seems the most likely thing that could be estimated to take 6 months].