an empirical study of wireless carrier authentication for
play

An Empirical Study of Wireless Carrier Authentication for SIM - PowerPoint PPT Presentation

Mar 21, 2023 •228 likes •330 views

An Empirical Study of Wireless Carrier Authentication for SIM Swaps Kevin Lee kvnl@cs.princeton.edu Graduate Researcher Princeton University Joint work with Ben Kaiser, Jonathan Mayer, Arvind Narayanan Special thanks to Mihir Kshirsagar

  1. An Empirical Study of Wireless Carrier Authentication for SIM Swaps Kevin Lee kvnl@cs.princeton.edu Graduate Researcher Princeton University Joint work with Ben Kaiser, Jonathan Mayer, Arvind Narayanan Special thanks to Mihir Kshirsagar

  2. What are SIM swap attacks? Hi, I’m Victim and I need to move my cell service over to a new SIM card. Sure, Victim. Let’s confirm it’s you. Please provide the answer to challenge Y . Adversary Victim’s Carrier The answer to that challenge is Z. That’s correct. Your service has been moved to the new SIM card. SMS 2 Victim

  3. What are SIM swap attacks? Hi, I’m Victim and I need to move my cell service over to a new SIM card. Sure, Victim. Let’s confirm it’s you. Please provide the answer to challenge Y . Adversary Victim’s Carrier The answer to that challenge is Z. That’s correct. Your service has been moved to the new SIM card. SMS 3 Victim

  4. Attackers can intercept messages and calls Leads to financial loss, account hijacking, impersonation, and denial of service • September 5, 2019 4

  5. All five carriers had flawed policies Attack 100% successful on major carriers, 40% success on virtual carriers • Insecure authentication challenges across all carriers • 5

  6. Key vulnerability: Manipulable information Date/amount of last payment (2 carriers) • No authentication when making payments, so an attacker can make a payment, then use – that information to authenticate Recently called numbers (incoming and outgoing) (3 carriers) • Attackers can trick victims into placing or receiving calls – Reponse: After reviewing our research, T-Mobile informed us that they no longer • uses call logs for customer authentication (January 2020) 6

  7. Key vulnerability: Customer service reps ● Allowed SIM swaps without authentication Forgot to authenticate ○ Proceeded despite failed attempts ○ ● Disclosed information without authentication Guided our guesses ○ Leaked billing address ○ 7

  8. Why does this matter? We reverse-engineered the authentication policies of 145 websites that support • phone-based authentication. We examined the MFA schemes and recovery option pairs • Limitation: accounts were not linked to assets • 8

  9. Most sites don’t stand up well to SIM swaps Eighty three (a majority) websites default to insecure configurations • Seventeen websites allow SMS recovery allowed alongside SMS 2FA • We notified these vulnerable websites (January 2020) – 9

  10. Thank you! Full findings, recommendations, carrier/website responses: issms2fasecure.com Email: kvnl@cs.princeton.edu 10

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Wireless Telecommunications A Dynamic Revolution Marion C. Solomon, Assoc. AIA Director, Carrier

Wireless Telecommunications A Dynamic Revolution Marion C. Solomon, Assoc. AIA Director, Carrier

Wireless Telecommunications A Dynamic Revolution Marion C. Solomon, Assoc. AIA Director, Carrier Networks-Special Initiatives General Dynamics Wireless Services Primary Network Growth Wireless Service Providers Digital Features and

134 views • 10 slides
In Defense of Wireless Carrier Sense Micah Brodsky Wireless medium is semi -shared Sometimes

In Defense of Wireless Carrier Sense Micah Brodsky Wireless medium is semi -shared Sometimes

In Defense of Wireless Carrier Sense Micah Brodsky Wireless medium is semi -shared Sometimes networks are largely independent Can transmit concurrently: spatial reuse of medium R 2 R 1 S 1 S 2 Sometimes they are in conflict

273 views • 23 slides
CAESAR: Carrier Sense-Based Ranging in Off-The-Shelf 802.11 Wireless LAN Domenico Giustiniano and

CAESAR: Carrier Sense-Based Ranging in Off-The-Shelf 802.11 Wireless LAN Domenico Giustiniano and

CAESAR: Carrier Sense-Based Ranging in Off-The-Shelf 802.11 Wireless LAN Domenico Giustiniano and Stefan Mangold Disney Research Zurich, Switzerland Summary Wireless LAN is crucial in navigation systems Current solutions do not meet a

685 views • 36 slides
In Defense of Wireless Carrier Sense Micah Z. Brodsky, Robert T. Morris SIGCOMM 2009 Presenter:

In Defense of Wireless Carrier Sense Micah Z. Brodsky, Robert T. Morris SIGCOMM 2009 Presenter:

In Defense of Wireless Carrier Sense Micah Z. Brodsky, Robert T. Morris SIGCOMM 2009 Presenter: Manuel Stocker Mentor: Philipp Sommer So what is Carrier Sense? Problem: One medium (wire, frequency, ) shared between multiple senders

813 views • 44 slides
Proxychain: Developing a Robust and Efficient Authentication Infrastructure for Carrier-Scale

Proxychain: Developing a Robust and Efficient Authentication Infrastructure for Carrier-Scale

Proxychain: Developing a Robust and Efficient Authentication Infrastructure for Carrier-Scale VoIP Networks Italo Dacosta and Patrick Traynor Performance, Scalability and Security Finding the right balance between performance /scalability

517 views • 24 slides
AN EMPIRICAL STUDY OF PRACTITIONERS PERSPECTIVES ON GREEN SOFTWARE ENGINEERING Empirical

AN EMPIRICAL STUDY OF PRACTITIONERS PERSPECTIVES ON GREEN SOFTWARE ENGINEERING Empirical

AN EMPIRICAL STUDY OF PRACTITIONERS PERSPECTIVES ON GREEN SOFTWARE ENGINEERING Empirical studies of how developer decisions Irene Manotas, * Christian Bird, impact energy consumption (design patterns, web Lori Pollock, * and James

354 views • 32 slides
Outline Introduction M ulti-Channel Reliability and Spectrum Usage Experimental

Outline Introduction M ulti-Channel Reliability and Spectrum Usage Experimental

Outline Introduction M ulti-Channel Reliability and Spectrum Usage Experimental methodology Empirical study in homes in Real Homes Spectrum study of existing wireless signals Empirical Studies for Home-Area Sensor Networks

570 views • 7 slides
UNM Wireless Updates Current status of the continued efforts to increase wireless coverage on

UNM Wireless Updates Current status of the continued efforts to increase wireless coverage on

UNM Wireless Updates Current status of the continued efforts to increase wireless coverage on campus, wireless authentication and improvements June 6 7, 2019 Wireless Improvements Top Areas of Improvement 2018 Chemistry Duck

773 views • 17 slides
AUTHENTICATION AUTHENTICATION Authentication is the process by which you decide that someone is

AUTHENTICATION AUTHENTICATION Authentication is the process by which you decide that someone is

SECURITY TOPICS PART 2 AUTHENTICATION AUTHENTICATION Authentication is the process by which you decide that someone is who they say they are and therefore permitted to access the requested resources: getting entrance to a computer lab

833 views • 44 slides
Wireless Master Plan The Wireless Master Plan (WMP) is a comprehensive, customized study designed

Wireless Master Plan The Wireless Master Plan (WMP) is a comprehensive, customized study designed

Wireless Master Plan The Wireless Master Plan (WMP) is a comprehensive, customized study designed for cities, counties, and properties owners with large area(s) of consolidated land to keep an up-to-date inventory of the existing wireless

520 views • 18 slides
HOST Authentication Overview ECE 525 Authentication Overview Authentication refers to the

HOST Authentication Overview ECE 525 Authentication Overview Authentication refers to the

HOST Authentication Overview ECE 525 Authentication Overview Authentication refers to the process of verifying the identity of the communicating principals to one another Usually sub-divided into Entity authentication Authentication

288 views • 10 slides
WIRELESS & CELLULAR NETWORKS SECTIONS 7.1 TO 7.3, 7.7 CSC 249 APRIL 3, 2018 New

WIRELESS & CELLULAR NETWORKS SECTIONS 7.1 TO 7.3, 7.7 CSC 249 APRIL 3, 2018 New

4/2/18 WIRELESS & CELLULAR NETWORKS SECTIONS 7.1 TO 7.3, 7.7 CSC 249 APRIL 3, 2018 New challenges: wireless links and mobile hosts Cellular networks for Internet access Introduction to mobility 1 4/2/18 CSMA/CD: carrier sensing

494 views • 23 slides
Authentication Most technical security safeguards have Authentication authentication as a

Authentication Most technical security safeguards have Authentication authentication as a

Authentication Most technical security safeguards have Authentication authentication as a precondition How to authenticate: Something you know Password, Secrets Something you have Smart Card, Token Something you are Biometrie

607 views • 4 slides
AHI AHI Car Carrier rier Fz Fzc A CARRIER JOINT VENTURE COMPANY Product Presentation CARRIER

AHI AHI Car Carrier rier Fz Fzc A CARRIER JOINT VENTURE COMPANY Product Presentation CARRIER

AHI AHI Car Carrier rier Fz Fzc A CARRIER JOINT VENTURE COMPANY Product Presentation CARRIER 30AWH Air To Water Heat Pump 2 overview europe, middle east & asia # 8 # 8 factories & design centers # 1 17 factories 07 design

951 views • 51 slides
Empirical Study: Expert Finding Matthieu Vergne vergne@fbk.eu Fondazione Bruno Kessler

Empirical Study: Expert Finding Matthieu Vergne vergne@fbk.eu Fondazione Bruno Kessler

Presentation Experiment Conclusion Empirical Study: Expert Finding Matthieu Vergne vergne@fbk.eu Fondazione Bruno Kessler Information and Communication Technology University of Trento February 19th, 2014 Empirical Study: Expert Finding 1/

484 views • 24 slides
Rainwater Harvesting and Reuse system CARRIER DOME MELISSA CADWELL Carrier Dome Carrier Dome

Rainwater Harvesting and Reuse system CARRIER DOME MELISSA CADWELL Carrier Dome Carrier Dome

Rainwater Harvesting and Reuse system CARRIER DOME MELISSA CADWELL Carrier Dome Carrier Dome Located in the City of Syracuse Seats approximately 49,262 Host a variety of events Air supported roof 6.5 acre 6.5 million gallons

447 views • 5 slides
Single Image Portrait Relighting Tiancheng Sun 1 , Jonathan T. Barron 2 , Yun-Ta Tsai 2 , Zexiang

Single Image Portrait Relighting Tiancheng Sun 1 , Jonathan T. Barron 2 , Yun-Ta Tsai 2 , Zexiang

Single Image Portrait Relighting Tiancheng Sun 1 , Jonathan T. Barron 2 , Yun-Ta Tsai 2 , Zexiang Xu 1 , Xueming Yu 3 , Graham Fyffe 3 , Christoph Rhemann 3 , Jay Busch 3 , Paul Debevec 3 , Ravi Ramamoorthi 1 1 University of California, San Diego, 2

1.65k views • 151 slides
Getting Started With Perl Jonathan Worthington Scarborough Linux User Group Getting Started

Getting Started With Perl Jonathan Worthington Scarborough Linux User Group Getting Started

Getting Started With Perl Jonathan Worthington Scarborough Linux User Group Getting Started With Perl What is Perl? A programming language Created by Larry Wall Perl 1 released in 1987 Current version is Perl 5.8.x Perl 6

874 views • 62 slides
X10 X10 Jonathan Lee Jonathan Lee Daniel Lee Daniel Lee What is X10? What is X10?

X10 X10 Jonathan Lee Jonathan Lee Daniel Lee Daniel Lee What is X10? What is X10?

X10 X10 Jonathan Lee Jonathan Lee Daniel Lee Daniel Lee What is X10? What is X10? Programming language designed for high- Programming language designed for high- performance, high-productivity performance, high-productivity

503 views • 26 slides
MANA MANAGING HOME BIA GING HOME BIAS: : DEFENDING THE V DEFENDING THE VALUE OF LUE OF GL

MANA MANAGING HOME BIA GING HOME BIAS: : DEFENDING THE V DEFENDING THE VALUE OF LUE OF GL

MANA MANAGING HOME BIA GING HOME BIAS: : DEFENDING THE V DEFENDING THE VALUE OF LUE OF GL GLOBAL EQUITIES OBAL EQUITIES TO US PRIV US PRIVATE CLIENT E CLIENTS Jonathan F Jonathan Foster ster President & CEO Angeles Wealth

643 views • 19 slides
Automating MongoDB Clusters Jonathan Rudenberg @"tanous Flynn is an easy PaaS Flynn git

Automating MongoDB Clusters Jonathan Rudenberg @"tanous Flynn is an easy PaaS Flynn git

Automating MongoDB Clusters Jonathan Rudenberg @"tanous Flynn is an easy PaaS Flynn git push and Docker deploys HTTPS load balancing Log aggrega<on Everything is highly available Flynn TCP load balancing Service discovery with DNS

359 views • 34 slides
UI Automation CocoaConf PDX 2013 Jonathan Penn @jonathanpenn Slides n Sample Code

UI Automation CocoaConf PDX 2013 Jonathan Penn @jonathanpenn Slides n Sample Code

UI Automation CocoaConf PDX 2013 Jonathan Penn @jonathanpenn Slides n Sample Code cocoamanifest.net/features T e problem Wash. Rinse. Repeat. So...? First, some theory... Edge Cases Wired up right? T ink like a user Show me the

489 views • 26 slides
Dealing with Artificially Dichotomized Variables in Meta-Analytic Structural Equation Modeling

Dealing with Artificially Dichotomized Variables in Meta-Analytic Structural Equation Modeling

Dealing with Artificially Dichotomized Variables in Meta-Analytic Structural Equation Modeling Hannelies de Jonge, Suzanne Jak, & Kees Jan Kan University of Amsterdam H.deJonge@uva.nl Psychoco 2020: International Workshop on Psychometric

514 views • 15 slides
Validatetools Edwin de Jonge, Statistics Netherlands @edwindjonge | github.com/edwindj eRum2018

Validatetools Edwin de Jonge, Statistics Netherlands @edwindjonge | github.com/edwindj eRum2018

Validatetools Edwin de Jonge, Statistics Netherlands @edwindjonge | github.com/edwindj eRum2018 Who am I? Data scientist / Methodologist at Statistics Netherlands (aka CBS). Author of several R-packages, including whisker , validate ,

278 views • 23 slides

More recommend