#SECTORCA BlackHatEvents

Ghost SIM attack: Hacking mobile network authentication policies

The Ghost SIM attack extracts essential SIM card information to take advantage of weak authentication policies to perform fraud in 2G, 3G, 4G and 5G mobile networks.

Ghost SIM attack

To be able to understand the previous statement, the following questions need to be answered:
- What is an authentication policy?
- What do we mean by "weak"?
- What is a SIM card and how does it store information?
- How do we extract this information?
- How and why is this attack capable of performing fraud in the mobile network?

Outline
- Extracting information: SIM cards hacking
- Mobile phones: Android security features
- Inefficient policies: mobile networks
- And the fraud was committed: making the Ghost
- Results
- Recommendations & remediation
- Takeaways

SIM cards 101 hacking

Between 1993 and 1998, the PIC16C84 (SMD implementation with EEPROM: "GoldWafer") and PIC16F876 (SMD implementation: "Silver card") microcontrollers became very well known. This family of microcontrollers became very popular in the context of hacking Pay-TV satellite platforms.

SIM cards 101 hacking

SOURCE: http://www.isaac.cs.berkeley.edu/isaac/wow.html#1423
SOURCE: https:/

A SIM card emulator using the same microcontroller emerged: SIM-EMU.

In those years, operators used an insecure version of a very important algorithm, which allowed SIM cards to be cloned in an attack that lasted 8 hours. To clone a SIM card, physical access to it was required in order to insert it into a smartcard reader, along with software that implemented the attack on the COMP128 (v1) algorithm.

SIM cards 101 hacking

What is SIM card cloning?
IMSI (Identity) and Ki (Secret Key): Original SIM -> Programmable SIM
Only two ver
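The slide above defines cloning as copying the IMSI and Ki onto a programmable card. The following Python model, added here as an illustration and not code from the talk, shows why that copy is sufficient: the network's challenge-response check depends only on (Ki, RAND), so an original card and a programmable card loaded with the same IMSI and Ki give identical answers and the operator side cannot tell them apart. The A3/A8 functions are replaced by an HMAC-SHA256 stand-in (COMP128 is not implemented, and the model says nothing about how Ki could be obtained); the IMSI, Ki and class names are constructed assumptions for the example.

```python
"""Toy model of GSM-style SIM authentication.

Added illustration, not code from the Ghost SIM talk. The real A3/A8
algorithms are replaced by HMAC-SHA256 (a constructed stand-in; COMP128 is
NOT implemented here). IMSI and Ki values below are constructed sample data.
"""
import hashlib
import hmac
import os
from dataclasses import dataclass


def a3_a8(ki: bytes, rand: bytes) -> tuple[bytes, bytes]:
    """Stand-in for the SIM's A3 (produces SRES) and A8 (produces Kc).

    Both outputs are derived purely from (Ki, RAND). Any card holding the
    same Ki therefore produces the same SRES and Kc, which is exactly why
    copying IMSI + Ki onto a programmable card gives a card the network
    cannot distinguish from the original.
    """
    digest = hmac.new(ki, rand, hashlib.sha256).digest()
    sres = digest[:4]    # GSM SRES is 32 bits
    kc = digest[4:12]    # GSM Kc is 64 bits
    return sres, kc


@dataclass
class SimCard:
    """What the network relies on from a card: its identity and its secret."""
    imsi: str
    ki: bytes

    def run_gsm_algorithm(self, rand: bytes) -> tuple[bytes, bytes]:
        return a3_a8(self.ki, rand)


class AuthenticationCentre:
    """Operator-side AuC: holds the same Ki for each subscriber IMSI."""

    def __init__(self, subscribers: dict[str, bytes]):
        self._ki_by_imsi = dict(subscribers)

    def challenge(self) -> bytes:
        return os.urandom(16)  # 128-bit RAND

    def verify(self, imsi: str, rand: bytes, sres: bytes) -> bool:
        ki = self._ki_by_imsi.get(imsi)
        if ki is None:
            return False
        expected, _ = a3_a8(ki, rand)
        return hmac.compare_digest(expected, sres)


def authenticate(auc: AuthenticationCentre, card: SimCard) -> bool:
    """One challenge-response round between the network and a card."""
    rand = auc.challenge()
    sres, _kc = card.run_gsm_algorithm(rand)
    return auc.verify(card.imsi, rand, sres)


# Constructed sample subscriber (test-PLMN style IMSI, arbitrary Ki).
SAMPLE_IMSI = "001010123456789"
SAMPLE_KI = bytes.fromhex("0123456789abcdef0123456789abcdef")


def demo() -> dict[str, bool]:
    """Authenticate an original card, a clone with copied IMSI+Ki, and a
    card that knows the IMSI but not Ki."""
    auc = AuthenticationCentre({SAMPLE_IMSI: SAMPLE_KI})
    original = SimCard(SAMPLE_IMSI, SAMPLE_KI)
    clone = SimCard(SAMPLE_IMSI, SAMPLE_KI)       # programmable card, copied data
    wrong_key = SimCard(SAMPLE_IMSI, bytes(16))   # identity only, no secret
    return {
        "original": authenticate(auc, original),
        "clone": authenticate(auc, clone),
        "wrong_key": authenticate(auc, wrong_key),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:10s} -> {'accepted' if ok else 'rejected'}")
```

The point of the model is the third case: the IMSI alone is worthless to an impostor, so everything rests on Ki staying inside the card and on the A3/A8 algorithm not leaking it under chosen challenges. That is why the COMP128 v1 weakness mentioned on the slide mattered, and why the later slides' "authentication policy" discussion is about what the network does when the secret can no longer be assumed confidential.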