Mobile Threat Catalogue

Smartcard Hidden Commands


Threat Category: USIM / SIM / UICC security

ID: STA-26

Threat Description: Smartcard operating systems carry a number of hidden commands that can be abused to retrieve data from or modify data within the smartcard. These commands can remain active from an initialization phase or execution of a previous application.

Threat Origin

A Review of Smartcard Security Issues 1

Exploit Examples

Not Applicable

CVE Examples

Not Applicable

Possible Countermeasures


  1. H. Ko and R. Caytiles, “A Review of Smartcard Security Issues,” Journal of Security Engineering, 8, no. 3 (2011): 6. [accessed 10/11/21]