Cloning 3G/4G SIM Cards With A PC And An Oscilloscope: Lessons Learned In Physical Security

Views: 54,248

Black Hat

8 years ago

by Yu Yu
Recently, documents leaked by Edward Snowden alleged that the NSA and GCHQ had stolen millions of SIM card encryption keys from one of the world's largest chip manufacturers. This incident drew public attention to the longstanding concern about mobile network security. Although various attacks against 2G (GSM) algorithms (COMP-128, A5) can be found in the literature, no practical attacks were known against 3G/4G (UMTS/LTE) SIM cards. 3G/4G SIM cards adopt a mutual authentication algorithm called MILENAGE, which is in turn based on AES-128, a mathematically secure block cipher standardized by NIST. In addition to the encryption key, MILENAGE also uses nearly a dozen 128-bit secrets to further obfuscate the algorithm.
In this presentation, we show how to mount a differential power analysis that recovers the encryption key and the other secrets in a divide-and-conquer manner within a few (10 to 40) minutes, allowing SIM cards to be cloned. Our experiments succeeded on eight 3G/4G SIM cards from a variety of operators and manufacturers. The measurement setup of our experiment mainly consists of an oscilloscope (for power acquisition), an MP300-SC2 protocol analyzer (for interception of the messages), a self-made SIM card reader, and a PC (for signal processing and cryptanalysis). We finish the presentation by showing what happens to a 3G/4G SIM card and its duplicate when they receive texts/calls at the same time.

Comments: 36
@real_rivolta 10 months ago
The topic was great. But his speech was even more incredible!
@erdem-- 5 years ago
I am just astonished by this. I think SIM card manufacturers can prevent side channel attacks by adding small capacitors to the SoC. So you can't see voltage fluctuations, because at those voltage spikes the capacitors will provide energy instead of the power supply. I am just wondering, is there any way to use specially made SIM cards? I can share my own public keys, IMSI number, ICCID and other things with my telephone service provider. So I can be fully encrypted e2e on the 3G or 4G network.
@andy5003 5 years ago
Love the content nonetheless.
@amjedmohamed492 6 years ago
Every time I read about this stuff my brain tells me to go back 100 years T_T
@threeMetreJim 4 years ago
I'm not that surprised the companies aren't too worried about cloning; you need physical access to the phone (and SIM card) that you want to clone. Getting that for enough time to make a clone would most certainly be noticed by the owner and possibly have it cancelled. Only criminals would be interested in cloning to ensure they could not be tied to a certain location. The phone IMEI number is also broadcast with each call, so you'd have to clone that too (highly illegal in most places) to guarantee anonymity by uncertainty due to numbers, a sort of _I'm_ Spartacus type of situation.
@odusoteadewale232 2 years ago
Spartacus how are you
@alainpannetier2543 7 years ago
12:33 Not French. Latin. Otherwise nice presentation, Yu Yu.
@brendonb5054 5 years ago
Can we assume that both the original phone and its clone will receive the SMS or incoming calls? Also, this attack would require physical access to the target phone, is that correct?
@necronomicon1472 5 years ago
You don't need the whole phone, just the SIM card.
@JohnJohn-gn4tc 3 years ago
How to get KI
@alainnkongnenwi2919 7 years ago
Hello, thanks for the lesson. I wish to know how to connect to my phone (SIM card network) without actually being connected to it physically.
@asaelahumada5447 7 years ago
Alain Nkongnenwi, can you clone a SIM card? I need to know... I need support!!
@mo.downhill6760 7 years ago
MAN, you should fuck the company and burn the network, those bitches improving their security.
@CMiller87 3 years ago
Tim you should try to get Elon Musk to come on the show also one of the tesla power walls would be helpful on nights like this.
@angelgarcia6145 6 years ago
I'm afraid the English is hard.
@andreab5185 3 years ago
The first Chinese talking in English that I ever understood. Not joking. And I'm Italian. Now I just need to practise with Indians and I'm done.
@rahul-ps6ib 2 years ago
You can speak with me.
@zaporniska 5 years ago
Can you clone my SIM card?
@samjoj796 1 year ago
Anyone done this? Or can anyone help me with it? I'm buying all the necessary devices but I don't know about cryptology, like how to decode the key and OPc from it. Can anyone help me?
@asaelahumada5447 7 years ago
Hello, I want your support please!!! How can I contact you for support?
@Crusader183 6 years ago
His English is so terrible I do not understand anything :(
@simplylinn 5 years ago
Honestly, even if the English was perfect, I don't think it would have done much for my own comprehension... I'm fairly techy, but this low-level crypto stuff, especially combined with side channels, is just so far above my head I might as well call the speaker a Martian.
@crackerhacker2271 5 years ago
LMFAO A Martian?? XD !!!
@simplylinn 5 years ago
Yeah, a hacker from Mars? Who, like... speaks in whatever language they use on Mars, because... it's over my head, and Mars is in space, pretty far up in... forget it.
@crackerhacker2271 5 years ago
lol, still a good one. I am sort of studying EECS, so the hardware side is what I am majoring in. We are just learning the basics of telecommunication and wireless technologies now.
@andreab5185 3 years ago
I'm not a native English speaker but understood all of it. Oh, btw, I'm not new to smart card hacking, power analysis or cryptography, and I have a degree in telecommunications engineering and one in computer science. Maybe that helped me? 😅
@andy5003 5 years ago
It's the worst English I have ever heard on KZfaq, but it's still not the worst from my experience. I don't know if I should be feeling any better.
@AlphaOmegaSigma 5 years ago
ikr. I mean, I'm an Asian myself, but I and my fellow non-English-mother-tongue Asian friends who live in SG can speak better than this bloke.