an empirical study of wireless carrier authentication for
play

An Empirical Study of Wireless Carrier Authentication for SIM - PowerPoint PPT Presentation

Mar 21, 2023 •228 likes •330 views

An Empirical Study of Wireless Carrier Authentication for SIM Swaps Kevin Lee kvnl@cs.princeton.edu Graduate Researcher Princeton University Joint work with Ben Kaiser, Jonathan Mayer, Arvind Narayanan Special thanks to Mihir Kshirsagar

  1. An Empirical Study of Wireless Carrier Authentication for SIM Swaps Kevin Lee kvnl@cs.princeton.edu Graduate Researcher Princeton University Joint work with Ben Kaiser, Jonathan Mayer, Arvind Narayanan Special thanks to Mihir Kshirsagar

  2. What are SIM swap attacks? Hi, I’m Victim and I need to move my cell service over to a new SIM card. Sure, Victim. Let’s confirm it’s you. Please provide the answer to challenge Y . Adversary Victim’s Carrier The answer to that challenge is Z. That’s correct. Your service has been moved to the new SIM card. SMS 2 Victim

  3. What are SIM swap attacks? Hi, I’m Victim and I need to move my cell service over to a new SIM card. Sure, Victim. Let’s confirm it’s you. Please provide the answer to challenge Y . Adversary Victim’s Carrier The answer to that challenge is Z. That’s correct. Your service has been moved to the new SIM card. SMS 3 Victim

  4. Attackers can intercept messages and calls Leads to financial loss, account hijacking, impersonation, and denial of service • September 5, 2019 4

  5. All five carriers had flawed policies Attack 100% successful on major carriers, 40% success on virtual carriers • Insecure authentication challenges across all carriers • 5

  6. Key vulnerability: Manipulable information Date/amount of last payment (2 carriers) • No authentication when making payments, so an attacker can make a payment, then use – that information to authenticate Recently called numbers (incoming and outgoing) (3 carriers) • Attackers can trick victims into placing or receiving calls – Reponse: After reviewing our research, T-Mobile informed us that they no longer • uses call logs for customer authentication (January 2020) 6

  7. Key vulnerability: Customer service reps ● Allowed SIM swaps without authentication Forgot to authenticate ○ Proceeded despite failed attempts ○ ● Disclosed information without authentication Guided our guesses ○ Leaked billing address ○ 7

  8. Why does this matter? We reverse-engineered the authentication policies of 145 websites that support • phone-based authentication. We examined the MFA schemes and recovery option pairs • Limitation: accounts were not linked to assets • 8

  9. Most sites don’t stand up well to SIM swaps Eighty three (a majority) websites default to insecure configurations • Seventeen websites allow SMS recovery allowed alongside SMS 2FA • We notified these vulnerable websites (January 2020) – 9

  10. Thank you! Full findings, recommendations, carrier/website responses: issms2fasecure.com Email: kvnl@cs.princeton.edu 10

Recommend

Wireless Telecommunications A Dynamic Revolution Marion C. Solomon, Assoc. AIA Director, Carrier

Wireless Telecommunications A Dynamic Revolution Marion C. Solomon, Assoc. AIA Director, Carrier

Wireless Telecommunications A Dynamic Revolution Marion C. Solomon, Assoc. AIA Director, Carrier Networks-Special Initiatives General Dynamics Wireless Services Primary Network Growth Wireless Service Providers Digital Features and

134 views • 10 slides
In Defense of Wireless Carrier Sense Micah Brodsky Wireless medium is semi -shared Sometimes

In Defense of Wireless Carrier Sense Micah Brodsky Wireless medium is semi -shared Sometimes

In Defense of Wireless Carrier Sense Micah Brodsky Wireless medium is semi -shared Sometimes networks are largely independent Can transmit concurrently: spatial reuse of medium R 2 R 1 S 1 S 2 Sometimes they are in conflict

273 views • 23 slides
CAESAR: Carrier Sense-Based Ranging in Off-The-Shelf 802.11 Wireless LAN Domenico Giustiniano and

CAESAR: Carrier Sense-Based Ranging in Off-The-Shelf 802.11 Wireless LAN Domenico Giustiniano and

CAESAR: Carrier Sense-Based Ranging in Off-The-Shelf 802.11 Wireless LAN Domenico Giustiniano and Stefan Mangold Disney Research Zurich, Switzerland Summary Wireless LAN is crucial in navigation systems Current solutions do not meet a

686 views • 36 slides
In Defense of Wireless Carrier Sense Micah Z. Brodsky, Robert T. Morris SIGCOMM 2009 Presenter:

In Defense of Wireless Carrier Sense Micah Z. Brodsky, Robert T. Morris SIGCOMM 2009 Presenter:

In Defense of Wireless Carrier Sense Micah Z. Brodsky, Robert T. Morris SIGCOMM 2009 Presenter: Manuel Stocker Mentor: Philipp Sommer So what is Carrier Sense? Problem: One medium (wire, frequency, ) shared between multiple senders

813 views • 44 slides
Proxychain: Developing a Robust and Efficient Authentication Infrastructure for Carrier-Scale

Proxychain: Developing a Robust and Efficient Authentication Infrastructure for Carrier-Scale

Proxychain: Developing a Robust and Efficient Authentication Infrastructure for Carrier-Scale VoIP Networks Italo Dacosta and Patrick Traynor Performance, Scalability and Security Finding the right balance between performance /scalability

517 views • 24 slides
AN EMPIRICAL STUDY OF PRACTITIONERS PERSPECTIVES ON GREEN SOFTWARE ENGINEERING Empirical

AN EMPIRICAL STUDY OF PRACTITIONERS PERSPECTIVES ON GREEN SOFTWARE ENGINEERING Empirical

AN EMPIRICAL STUDY OF PRACTITIONERS PERSPECTIVES ON GREEN SOFTWARE ENGINEERING Empirical studies of how developer decisions Irene Manotas, * Christian Bird, impact energy consumption (design patterns, web Lori Pollock, * and James

354 views • 32 slides
Outline Introduction M ulti-Channel Reliability and Spectrum Usage Experimental

Outline Introduction M ulti-Channel Reliability and Spectrum Usage Experimental

Outline Introduction M ulti-Channel Reliability and Spectrum Usage Experimental methodology Empirical study in homes in Real Homes Spectrum study of existing wireless signals Empirical Studies for Home-Area Sensor Networks

570 views • 7 slides
UNM Wireless Updates Current status of the continued efforts to increase wireless coverage on

UNM Wireless Updates Current status of the continued efforts to increase wireless coverage on

UNM Wireless Updates Current status of the continued efforts to increase wireless coverage on campus, wireless authentication and improvements June 6 7, 2019 Wireless Improvements Top Areas of Improvement 2018 Chemistry Duck

773 views • 17 slides
AUTHENTICATION AUTHENTICATION Authentication is the process by which you decide that someone is

AUTHENTICATION AUTHENTICATION Authentication is the process by which you decide that someone is

SECURITY TOPICS PART 2 AUTHENTICATION AUTHENTICATION Authentication is the process by which you decide that someone is who they say they are and therefore permitted to access the requested resources: getting entrance to a computer lab

833 views • 44 slides
Wireless Master Plan The Wireless Master Plan (WMP) is a comprehensive, customized study designed

Wireless Master Plan The Wireless Master Plan (WMP) is a comprehensive, customized study designed

Wireless Master Plan The Wireless Master Plan (WMP) is a comprehensive, customized study designed for cities, counties, and properties owners with large area(s) of consolidated land to keep an up-to-date inventory of the existing wireless

520 views • 18 slides
HOST Authentication Overview ECE 525 Authentication Overview Authentication refers to the

HOST Authentication Overview ECE 525 Authentication Overview Authentication refers to the

HOST Authentication Overview ECE 525 Authentication Overview Authentication refers to the process of verifying the identity of the communicating principals to one another Usually sub-divided into Entity authentication Authentication

288 views • 10 slides
WIRELESS & CELLULAR NETWORKS SECTIONS 7.1 TO 7.3, 7.7 CSC 249 APRIL 3, 2018 New

WIRELESS & CELLULAR NETWORKS SECTIONS 7.1 TO 7.3, 7.7 CSC 249 APRIL 3, 2018 New

4/2/18 WIRELESS & CELLULAR NETWORKS SECTIONS 7.1 TO 7.3, 7.7 CSC 249 APRIL 3, 2018 New challenges: wireless links and mobile hosts Cellular networks for Internet access Introduction to mobility 1 4/2/18 CSMA/CD: carrier sensing

494 views • 23 slides
Authentication Most technical security safeguards have Authentication authentication as a

Authentication Most technical security safeguards have Authentication authentication as a

Authentication Most technical security safeguards have Authentication authentication as a precondition How to authenticate: Something you know Password, Secrets Something you have Smart Card, Token Something you are Biometrie

607 views • 4 slides
AHI AHI Car Carrier rier Fz Fzc A CARRIER JOINT VENTURE COMPANY Product Presentation CARRIER

AHI AHI Car Carrier rier Fz Fzc A CARRIER JOINT VENTURE COMPANY Product Presentation CARRIER

AHI AHI Car Carrier rier Fz Fzc A CARRIER JOINT VENTURE COMPANY Product Presentation CARRIER 30AWH Air To Water Heat Pump 2 overview europe, middle east & asia # 8 # 8 factories & design centers # 1 17 factories 07 design

951 views • 51 slides
Empirical Study: Expert Finding Matthieu Vergne vergne@fbk.eu Fondazione Bruno Kessler

Empirical Study: Expert Finding Matthieu Vergne vergne@fbk.eu Fondazione Bruno Kessler

Presentation Experiment Conclusion Empirical Study: Expert Finding Matthieu Vergne vergne@fbk.eu Fondazione Bruno Kessler Information and Communication Technology University of Trento February 19th, 2014 Empirical Study: Expert Finding 1/

484 views • 24 slides
Rainwater Harvesting and Reuse system CARRIER DOME MELISSA CADWELL Carrier Dome Carrier Dome

Rainwater Harvesting and Reuse system CARRIER DOME MELISSA CADWELL Carrier Dome Carrier Dome

Rainwater Harvesting and Reuse system CARRIER DOME MELISSA CADWELL Carrier Dome Carrier Dome Located in the City of Syracuse Seats approximately 49,262 Host a variety of events Air supported roof 6.5 acre 6.5 million gallons

447 views • 5 slides
CS 457 Lecture 7 Ethernet and Wireless Fall 2011 Ethernet Uses CSMA/CD Carrier sense:

CS 457 Lecture 7 Ethernet and Wireless Fall 2011 Ethernet Uses CSMA/CD Carrier sense:

CS 457 Lecture 7 Ethernet and Wireless Fall 2011 Ethernet Uses CSMA/CD Carrier sense: wait for link to be idle Channel idle: start transmitting Channel busy: wait until idle Collision detection: listen while transmitting

246 views • 21 slides
An empirical study of Gaussian belief propagation and application in the detection of F-formations

An empirical study of Gaussian belief propagation and application in the detection of F-formations

Regularized Gaussian belief propagation Empirical Study F-formation detection Concluding Remarks An empirical study of Gaussian belief propagation and application in the detection of F-formations Francois Kamper Stellenbosch University

578 views • 20 slides
A Lightweight Statistical Authentication Protocol for Access Control in Wireless LANs Haoli Wang,

A Lightweight Statistical Authentication Protocol for Access Control in Wireless LANs Haoli Wang,

A Lightweight Statistical Authentication Protocol for Access Control in Wireless LANs Haoli Wang, Joel Cardo, Yong Guan ECE, Iowa State University ASWN 2004 Introduction Emergence of visitor networks Visitor Networks: LANs that are

671 views • 13 slides
An Empirical Study of Code Clone Genealogies

An Empirical Study of Code Clone Genealogies

An Empirical Study of Code Clone Genealogies MiryungKim,VibhaSazawal,DavidNotkin,andGailMurphy UniversityofWashington UniversityofBritishColumbia ESEC/FSESept2005 Conventional Wisdom

491 views • 25 slides
An Empirical Security Study of An Empirical Security Study of the Native Code in the JDK the

An Empirical Security Study of An Empirical Security Study of the Native Code in the JDK the

An Empirical Security Study of An Empirical Security Study of the Native Code in the JDK the Native Code in the JDK Gang Tan, Boston College Lehigh University Jason Croft Boston College Jason Croft, Boston College J Java Security S i

817 views • 29 slides
Corporate Presentation Who s who, and who is doing what ? A little bit of history 1950 :

Corporate Presentation Who s who, and who is doing what ? A little bit of history 1950 :

Corporate Presentation Who s who, and who is doing what ? A little bit of history 1950 : Carrier Conveyor Corporation 1983 : Carrier Vibrating Equipment 1995 : Carrier Europe ( Nivelles-Sud ) 1998 : Carrier Workshop Shangha

287 views • 16 slides
Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication

Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication

Cryptography Authentication and Data Integrity Aims of Authentication Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication with Hash Cryptography Functions Authentication with MACs School of

613 views • 27 slides
Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication

Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication

Cryptography Authentication and Data Integrity Aims of Authentication Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication with Hash Cryptography Functions Authentication with MACs School of

1.66k views • 27 slides

More recommend