http://2015.brucon.org/index.php?title=Stealing_a_Mobile_Identity_Using_Wormholes&feed=atom&action=historyStealing a Mobile Identity Using Wormholes - Revision history2024-03-29T15:02:41ZRevision history for this page on the wikiMediaWiki 1.27.4http://2015.brucon.org/index.php?title=Stealing_a_Mobile_Identity_Using_Wormholes&diff=4675&oldid=prevZnb: Created page with "Authentication in mobile networks is usually done using a secure element which is commonly a SIM-Card. It is a tamper resistant device that should prevent cloning of mobile id..."2014-09-09T19:31:55Z<p>Created page with "Authentication in mobile networks is usually done using a secure element which is commonly a SIM-Card. It is a tamper resistant device that should prevent cloning of mobile id..."</p>
<p><b>New page</b></p><div>Authentication in mobile networks is usually done using a secure element which is commonly a SIM-Card. It is a tamper resistant device that should prevent cloning of mobile identities by legitimate users as well as attackers. <br />
<br />
Mobile network operators as well as most users have an interest in preventing the cloning of a mobile network identity. As the mobile network identity is widely used as authentication factor for online-banking applications and resetting of account-passwords for services at Google, Yahoo and others, protection of the mobile identity is even more important.<br />
<br />
A widespread assumption is that for successful authentication a SIM card needs to be present in a device. While this assumption might be true in the era before smartphones, it is not valid anymore. Modern day smartphones have a multitude of communication channels besides the mobile network as for example Bluetooth, NFC, WiFi and generally a constant connection to the internet. <br />
We call these communication channels Wormholes as they allow data to travel from the mobile device to places that it was never intended to do.<br />
<br />
In this talk we will learn how to access the SIM-Card on Android phones from a native application without special privileges. Additionally techniques for forwarding GSM and 3G authentication vectors to different devices will be presented.<br />
<br />
As a special a short walkthrough on analysing and modifying the baseband firmware of a common class of Android phones will be given.</div>Znb