by Estyle, Jaoibh and Azrael.
This hack will only work if the person that owns the machine has no intelligence. This is how it works:
When you or anyone installs Windows XP for the first time your asked to put in your username and up to five others.
(more…)
So now that you hopefully have at least a basic understanding of how gsm operates, let’s talk about the fun stuff. The first trick I will discuss is an activity that is becoming quite prevalant, SIM cloning. If you have paid attention to any cell phone related tutorials in the past, then you may remember cloning being made popular by certain public figures like Kevin Mitnick in order to place calls on the bill of another subscriber. Well, even with GSM this trick still holds relevant. How could such a flaw exist in a system that is obviously concentrated on preventing such fraudulant use? The flaw is within the COMP128 authentication algorithm used as an instantiation of A3/A8 widely used by gsm providers. Unfortunately for these providers, the COMP128 algorithm is just not strong enough to prevent fraud. We attack the algorithm by using a chosen-challenge attack, which works by forming a number of specially-chosen challenges and querying the SIM card for each one. Then by analyzing the responses from these queries, we are able to determine the value of the secret key that is used for authentication. So how do we perform this attack?