Java Card

{ Details }

This page presents details of security vulnerabilities and attack techniques discovered as a result of our Java Card security research project. These details are provided in the form of original vulnerability reports and accompanying Proof of Concept codes.

Oracle Vulnerability Reports

  • SE-2019-01-ORACLE, Issues #1-18, PDF file, 1630KB (download)
  • SE-2019-01-ORACLE-2, Issues #20-25, PDF file, 339KB (download)
  • SE-2019-01-ORACLE-3, Issues #26-32, PDF file, 571KB (download)

Gemalto Vulnerability Reports

  • SE-2019-01-GEMALTO, Issues #19 and #33, PDF file, 577KB (download)
  • SE-2019-01-GEMALTO-2, Issue #34, PDF file, 833KB (download)

Please note that there are more unpublished security issues affecting Gemalto UICC (SIM / USIM) cards that make it possible to gain unauthorised access to the card, break the card's security and get access to the STK keys used for remote management (SIM / USIM applications and file system). The corresponding security and vulnerability intelligence is available through a new company (Adam Gowdiak Security Research).

Additional materials

  • Reverse Engineering Java SIM card, PDF file, 748KB (download)


The Proof of Concept codes below are provided for educational purposes only. It is expressly forbidden to use them for any purpose that would violate any domestic or international laws. If you do not agree with this policy, please leave this page.

  • "Security vulnerabilities in Java Card", Proof of Concept codes for Issues 1-18 and 20-32, ZIP file, 246KB (download)