undefined | Better HN

0 pointspaledot3y ago0 comments

Sadly, SIM cloning attacks start by social engineering a cell phone support person into sending the attacker a replacement for the SIM they "lost".

0 comments

simfree3y ago

Your thinking of SIM swapping attacks. SIM cloning is much harder without breaching the SIM manufacturer (often Gemalto or another giant vendor).

Rerouting traffic with a malicious home location record (like what was done to Merkel for years), or changing the eSPID/NNID for a numbers texting enablement is much easier than doing a SIM swap and you can usually avoid detection too.

samdcbu3y ago

The irony of SIM cards being a cryptographically strong smart card and then carriers let their employees give out replacement SIMs left and right. Ah, humans.

fun fact: SIM cards can run applets based on Java. That’s how mobile payments are able to work in developing nations. I think there was a DEFCON talk about it a few years ago.

j / k navigate · click thread line to collapse

0 comments

simfree3y ago

Your thinking of SIM swapping attacks. SIM cloning is much harder without breaching the SIM manufacturer (often Gemalto or another giant vendor).

samdcbu3y ago

The irony of SIM cards being a cryptographically strong smart card and then carriers let their employees give out replacement SIMs left and right. Ah, humans.

fun fact: SIM cards can run applets based on Java. That’s how mobile payments are able to work in developing nations. I think there was a DEFCON talk about it a few years ago.

j / k navigate · click thread line to collapse