DEF CON 26 — Rowan Phipps — ThinSIM based Attacks on Mobile Money Systems

Дата: 22.10.2018. Автор: CISO CLUB. Категории: Подкасты и видео по информационной безопасности

Phone-based mobile money is becoming the dominant paradigm for financial services in the developing world processing more than a billion dollars per day for over 690 million users. For example, mPesa has an annual cash flow of over thirty billion USD, equivalent to nearly half of Kenya’s GDP. Numerous other products exist inside of nearly every other market, including GCash in the Philippines and easyPaisa in Pakistan. As a part of this growth, competitors have appeared who leverage ThinSIMS, small SIM card add ons, to provide alternative mobile money implementations without operating their own mobile networks. However, the security implications of ThinSIMs are not well understood.

This talk dives into decade old telecom standards to explore how ThinSIMs work and what attackers of mobile money systems can do when they control the interface between the SIM card and the phone. We will also demo two proof of concept exploits that use ThinSIMs to steal money from mobile money platforms and detail the difficulties of defense.


Об авторе CISO CLUB

Редакция портала Добавляйте ваш материал на сайт в разделе "Разместить публикацию".
Читать все записи автора CISO CLUB

Добавить комментарий

Ваш адрес email не будет опубликован. Обязательные поля помечены *