Undergraduate thesis of the higher education study programme Information Security
Aljoša Pogačar (Author), Blaž Markelj (Mentor), Sabina Zgaga (Co-mentor)

Abstract

SIM swapping is a fraud in cyberspace in which the perpetrator abuses the otherwise legitimate SIM card replacement processes of a mobile service provider to gain access to the victim's SIM card and thereby to services whose operation depends on an active SIM card. The main service attackers target is the reception of SMS messages, above all SMS messages through which the user receives one-time passwords for logging into accounts protected by two-factor authentication. Because of the growing use of two-factor authentication for logging into accounts, these attacks are on the rise. Carrying out a SIM swap by itself, however, does not help the attacker much unless they have first obtained, through social engineering methods and the use of malicious code, the login credentials for the accounts protected by two-factor authentication. Although SIM swapping combined with previously obtained login credentials lets the attacker break into any account protected by two-factor authentication, there are usually two main targets: mobile banking and crypto wallets, since breaking into and abusing these services brings the attacker the greatest gain. The attack itself consists of several parts. The largest role is played by the victim (the user of the mobile number), since it depends on them where they publish and to whom they pass on their personal data, which the attacker uses to impersonate the victim so that a new SIM card is issued to them. Mobile service providers also play a major role in the SIM swapping process itself, both as the attacker's tool for getting a SIM card issued and as a defence mechanism against attacks, since their SIM card replacement processes must be designed so that abuse of these processes, whether the replacement is done in person, by phone or through a self-care portal, is practically impossible.

Keywords

SIM cards; social engineering; undergraduate theses;

Data

Language: Slovenian
Year of publishing:
Typology: 2.11 - Undergraduate Thesis
Organization: UM FVV - Faculty of Criminal Justice
Publisher: [A. Pogačar]
UDC: 343.72:621.395.721.5(043.2)
COBISS: 122154499

Other data

Secondary language: English
Secondary title: SIM swapping scams
Secondary abstract: SIM swapping is a scam in cyberspace where an attacker exploits the otherwise legitimate process of SIM card replacement by mobile network operators (MNOs) to gain access to a variety of services requiring an active SIM card. The attackers’ most common target is the reception of short message services (SMS), especially SMS containing one-time passwords (OTPs) for logging into accounts that are protected by two-factor authentication (2FA). Concurrent with the increase in usage of two-factor authentication for logging into accounts, SIM swapping attacks are also on the rise. While SIM swapping by itself does not give the attacker enough information to do any real damage, it is often supplemented with other login data for 2FA-protected accounts, obtained through social engineering and malicious software programs. Even though a successfully completed SIM swapping attack supplemented with pre-obtained login information allows the attacker access to any account protected by two-factor authentication, the main targets of these attacks remain mobile banking apps and crypto wallets, as the hijacking of these types of accounts has proven to be the most profitable. The execution of the attack itself consists of multiple steps. The victim, in this case the user of the mobile number, is the factor that determines the difficulty of the attack, depending on their level of discretion with their personal information and how readily they share it either publicly or privately. Once this information has been obtained by the attacker, it is used to impersonate the victim with the goal of convincing MNOs to issue them a new SIM card. In SIM swapping scams, MNOs also play a crucial role, as they act both as a tool used by the attacker to obtain the victim’s new SIM card, as well as a defence mechanism preventing such scams from succeeding. 
The MNOs achieve this by setting up the processes of issuing new SIM cards or changing existing SIM cards in a way that makes abuse practically impossible in any form, be it in an exchange in the shop, via phone call or via self-care portal.
Secondary keywords: Cyberspace; Mobile telephony; Data protection (computing); Fraud; University and higher education theses;
Type (COBISS): Bachelor thesis/paper
Thesis comment: Univ. of Maribor, Faculty of Criminal Justice, Ljubljana
Pages: IX f., 58 pp.
ID: 16516237