This tutorial outlines the steps to simulate a SIM card cloning attack for educational penetration testing purposes. It is designed to help security researchers and ethical hackers understand the vulnerabilities associated with SIM card security and demonstrate the potential impact of such an attack.
Disclaimer: This tutorial is for educational purposes only. SIM card cloning is illegal in most jurisdictions without proper authorization.
Prerequisites
- Authorized scope and written permission from the client/organization.
- Understanding of cellular network protocols and security.
- Familiarity with programming and brute-force attacks.
- Access to open-source software/hardware for setting up a fake base station.
- SIM card programmer/writer for cloning.
Steps to Simulate SIM Card Cloning
- Scope and Authorization:
  - Obtain written permission from the organization or client to conduct the penetration test.
  - Clearly define the targets, systems, and networks within the authorized scope.
- Set Up a Fake Base Station:
  - Use open-source software and hardware, such as OpenBTS, to create a fake cell tower (base transceiver station, BTS).
  - Ensure your equipment complies with local regulations, especially those governing radio frequency transmissions.
- Perform a Man-in-the-Middle (MitM) Attack:
  - Use tools like SnoopSnitch (Android) or SIMCon (iOS) to intercept communications between the target SIM card and the legitimate cellular network.
  - Capture the encrypted Ki (Authentication Key) during the authentication process.
- Brute-Force the Kic (Ki Encryption Key):
  - Employ brute-force techniques to find the correct Kic and decrypt the captured encrypted Ki.
  - Refer to the provided Python code example as a starting point for implementing the brute-force attack.
- Clone the SIM Card:
  - Once you have obtained the Ki and IMSI (International Mobile Subscriber Identity), use a SIM card programmer to write this information to a blank SIM card, creating a duplicate.
- Test the Clone:
  - Insert the cloned SIM into a phone and verify that you can receive calls and messages intended for the original number.
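The steps above describe the attacker's side of the exercise. The counterpart that an organization commissioning such a test wants from the tester is a way to spot the traces a cloned SIM and repeated authentication probing leave in core-network records. The Python script below is an added example written for this purpose; it is not part of the tutorial and not code from any of the tools named above. It scans a batch of constructed attach/location-update records (the record layout, thresholds, cell identifiers and coordinates are all assumptions) for two indicators: the same IMSI attaching from two cells too far apart for the elapsed time ("impossible travel", the classic signature of two SIMs sharing one IMSI/Ki) and a burst of failed challenge-response authentications for a single IMSI.

```python
"""Detect SIM-cloning indicators in constructed network attach records.

Added example; not part of the tutorial. The record format, thresholds and
sample data are assumptions chosen to illustrate the detection logic.
"""
from collections import deque
from dataclasses import dataclass
from datetime import datetime, timedelta
from math import asin, cos, radians, sin, sqrt

EARTH_RADIUS_KM = 6371.0


@dataclass(frozen=True)
class AttachEvent:
    """One attach / location-update attempt as a core-network log might record it."""
    ts: datetime
    imsi: str
    cell_id: str
    lat: float      # approximate location of the serving cell
    lon: float
    auth_ok: bool   # did the challenge-response authentication succeed?


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points, in kilometres."""
    p1, p2 = radians(lat1), radians(lat2)
    dlat, dlon = p2 - p1, radians(lon2 - lon1)
    a = sin(dlat / 2) ** 2 + cos(p1) * cos(p2) * sin(dlon / 2) ** 2
    return 2 * EARTH_RADIUS_KM * asin(sqrt(a))


def find_impossible_travel(events, max_speed_kmh=900.0):
    """Return (imsi, from_cell, to_cell, km, minutes) for consecutive successful
    attaches of one IMSI that lie farther apart than max_speed_kmh allows.
    Two SIMs sharing an IMSI/Ki typically show up exactly this way."""
    by_imsi = {}
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.auth_ok:
            by_imsi.setdefault(ev.imsi, []).append(ev)
    alerts = []
    for imsi, evs in by_imsi.items():
        for prev, cur in zip(evs, evs[1:]):
            if cur.cell_id == prev.cell_id:
                continue
            km = haversine_km(prev.lat, prev.lon, cur.lat, cur.lon)
            hours = (cur.ts - prev.ts).total_seconds() / 3600.0
            # hours == 0 means any non-zero distance is impossible
            if km > max_speed_kmh * hours:
                alerts.append((imsi, prev.cell_id, cur.cell_id, round(km), round(hours * 60)))
    return alerts


def find_auth_failure_bursts(events, threshold=5, window=timedelta(minutes=10)):
    """Return IMSIs with at least `threshold` failed authentications inside any
    `window`-long interval: the trace left by repeated replay or guessing
    against the authentication exchange."""
    recent = {}
    flagged = set()
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.auth_ok:
            continue
        q = recent.setdefault(ev.imsi, deque())
        q.append(ev.ts)
        while ev.ts - q[0] > window:   # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            flagged.add(ev.imsi)
    return sorted(flagged)


def _t(hh, mm):
    return datetime(2024, 1, 1, hh, mm)


# Constructed sample records (test-range MCC 001; coordinates are city centres).
SAMPLE_EVENTS = [
    # Legitimate subscriber: Berlin, then Potsdam (about 27 km, 40 minutes later).
    AttachEvent(_t(9, 0), "001010000000001", "BER-0101", 52.520, 13.405, True),
    AttachEvent(_t(9, 40), "001010000000001", "POT-0201", 52.391, 13.064, True),
    # Suspected clone: same IMSI in Berlin and Munich (about 500 km) five minutes apart.
    AttachEvent(_t(10, 0), "001010000000002", "BER-0101", 52.520, 13.405, True),
    AttachEvent(_t(10, 5), "001010000000002", "MUC-0301", 48.137, 11.575, True),
] + [
    # Probing: six failed authentications for one IMSI within three minutes.
    AttachEvent(_t(11, i // 2), "001010000000003", "BER-0101", 52.520, 13.405, False)
    for i in range(6)
]


def run_detections(events=SAMPLE_EVENTS):
    """Run both detections over a batch of events and return their hits."""
    return {
        "impossible_travel": find_impossible_travel(events),
        "auth_failure_bursts": find_auth_failure_bursts(events),
    }


if __name__ == "__main__":
    for name, hits in run_detections().items():
        print(f"{name}: {hits}")
```

On the constructed sample the Berlin-to-Potsdam subscriber passes, the IMSI seen in Berlin and Munich five minutes apart is reported as impossible travel, and the IMSI with six failed authentications in three minutes is reported as a burst. The speed ceiling and failure threshold are placeholders; in a real deployment they would be tuned against the operator's own baseline of roaming and retry behaviour.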
Conclusion
Through this tutorial, you should gain a practical understanding of SIM card cloning and its potential impact on mobile communication security. By simulating this attack in a controlled environment, security researchers and ethical hackers can identify vulnerabilities and assist organizations in implementing stronger countermeasures.