SecTor 2025 | Ghost SIM Attack: Hacking Mobile Network Authentication Policies
The authentication policy of a mobile operator dictates how often, and under what conditions, an authentication procedure is triggered for a subscriber following a set number of events. A lax or insufficiently robust authentication policy may allow an attacker to perform the Ghost SIM Attack, which starts by extracting essential SIM card information and results in potential fraud.
This presentation unveils a comprehensive overview of the experimental setup and methodology utilized to execute the Ghost SIM Attack, along with an in-depth analysis of the authentication policies implemented by various operators and technologies across multiple countries around the world.
The results reveal that the Ghost SIM Attack is successful across all the selected technologies and operators, highlighting the weak authentication policies configured. Finally, some countermeasures are proposed for the attack while also addressing its limitations.
By:
Pedro Cabrera | Founder, Ethon Shield
Miguel Gallego | Partner, Ethon Shield
Presentation Materials Available at:
https://blackhat.com/sector/2025/briefings/schedule/?#ghost-sim-attack-hacking-mobile-network-authentication-policies-47749