Cloning 3G/4G SIM Card with a PC AND an Oscilloscope: Lessons Learned in Physical Security

by Yu Yu
Sept. 18, 2017 | Black Hat | Encryption & Authentication

In this presentation, we show how to mount a differential power analysis that recovers the encryption key and other secrets in a divide-and-conquer manner within a few (10 to 40) minutes, allowing a SIM card to be cloned. Our experiments succeeded on eight 3G/4G SIM cards from a variety of operators and manufacturers. The measurement setup of our experiment mainly consists of an oscilloscope (for power acquisition), an MP300-SC2 protocol analyzer (for interception of the messages), a self-made SIM card reader, and a PC (for signal processing and cryptanalysis). We finish the presentation by showing what happens to a 3G/4G SIM card and its duplicate when they receive texts/calls at the same time.
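The "divide-and-conquer" phrase in the abstract is the whole reason a side-channel attack on a 128-bit key is cheap: each key byte is guessed independently against the leakage of one S-box output, so the search is 16 × 256 hypotheses instead of 2^128. The following added example (not code from the talk or its authors) illustrates that on fully simulated traces, and also shows the mitigation a card vendor cares about: with Boolean masking the same first-order statistic no longer singles out the key. Assumptions: a Hamming-weight leakage model with Gaussian noise, the AES S-box (3G/4G USIMs run the AES-based MILENAGE algorithm set), one sample point per S-box output, and the FIPS-197 example key as a constructed secret. Nothing here touches hardware or a SIM card.

```python
"""Toy correlation power analysis (CPA) on simulated AES S-box leakage.

Added educational example. All traces are constructed in software with a
Hamming-weight leakage model; the point is to show why per-byte key recovery
works against an unprotected implementation and why masking defeats it.
"""
import math
import operator
import random


def build_sbox():
    """Generate the AES S-box (GF(2^8) inverse followed by the affine map)."""
    sbox = [0] * 256
    p = q = 1  # invariant: p * q == 1 in GF(2^8)
    while True:
        p = (p ^ (p << 1) ^ (0x1B if p & 0x80 else 0)) & 0xFF  # p *= 3
        q = (q ^ (q << 1)) & 0xFF                                # q /= 3
        q = (q ^ (q << 2)) & 0xFF
        q = (q ^ (q << 4)) & 0xFF
        if q & 0x80:
            q ^= 0x09
        x = q ^ (q << 1) ^ (q << 2) ^ (q << 3) ^ (q << 4)        # rotations
        sbox[p] = ((x ^ (x >> 8)) ^ 0x63) & 0xFF                 # fold + const
        if p == 1:
            break
    sbox[0] = 0x63  # zero has no inverse
    return sbox


SBOX = build_sbox()
HW = [bin(v).count("1") for v in range(256)]  # Hamming weight of each byte

# Constructed secret: the FIPS-197 example key, used only as test material.
KEY = [0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6,
       0xAB, 0xF7, 0x15, 0x88, 0x09, 0xCF, 0x4F, 0x3C]


def simulate_traces(key, n_traces, noise=0.3, masked=False, seed=1):
    """Constructed traces: sample j leaks HW(SBOX[pt[j] ^ key[j]]) plus noise.

    masked=True XORs a fresh random byte into every S-box output, the usual
    Boolean-masking countermeasure; a single-sample statistic then sees a
    Binomial(8, 1/2) value that does not depend on the key at all.
    """
    rng = random.Random(seed)
    plaintexts, traces = [], []
    for _ in range(n_traces):
        pt = [rng.randrange(256) for _ in range(len(key))]
        samples = []
        for p, k in zip(pt, key):
            out = SBOX[p ^ k]
            if masked:
                out ^= rng.randrange(256)
            samples.append(HW[out] + rng.gauss(0.0, noise))
        plaintexts.append(pt)
        traces.append(samples)
    return plaintexts, traces


def _center(values):
    mean = sum(values) / len(values)
    return [v - mean for v in values]


def recover_key_byte(index, plaintexts, columns, col_norms):
    """Rank all 256 guesses for key byte `index` by |Pearson correlation|
    between predicted HW and every sample point; return (guess, best |r|)."""
    best_r, best_guess = -1.0, None
    for guess in range(256):
        hyp = _center([HW[SBOX[pt[index] ^ guess]] for pt in plaintexts])
        hyp_norm = math.sqrt(sum(h * h for h in hyp))
        if hyp_norm == 0:
            continue
        for col, col_norm in zip(columns, col_norms):
            r = abs(sum(map(operator.mul, hyp, col))) / (hyp_norm * col_norm)
            if r > best_r:
                best_r, best_guess = r, guess
    return best_guess, best_r


def recover_key(plaintexts, traces, nbytes=16):
    """Divide and conquer: attack each key byte independently."""
    columns = [_center(col) for col in zip(*traces)]  # one list per sample
    col_norms = [math.sqrt(sum(x * x for x in c)) for c in columns]
    return [recover_key_byte(i, plaintexts, columns, col_norms)[0]
            for i in range(nbytes)]


def count_correct(recovered, key):
    return sum(1 for r, k in zip(recovered, key) if r == k)


if __name__ == "__main__":
    pts, trs = simulate_traces(KEY, 80)
    print("unmasked bytes recovered:", count_correct(recover_key(pts, trs), KEY))
    pts, trs = simulate_traces(KEY, 80, masked=True)
    print("masked bytes recovered:  ", count_correct(recover_key(pts, trs, 8), KEY))
```

With this leakage model 80 traces are enough to recover all 16 bytes of the unmasked key, while the masked run scores no better than chance; real measurements need far more traces and alignment work, which is where the oscilloscope and signal processing in the abstract come in, but the per-byte structure of the search is the same.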

Steven Ulm 6 months ago

I always thought that SIM cards (3G or 4G) are quite vulnerable. Your presentation is just underlining my fears - lol...