Christopher Faircloth, Gavin Hartzell, Nathan Callahan, S. Bhunia
{"title":"蛮力攻击T-Mobile导致sim卡劫持和身份盗窃的研究","authors":"Christopher Faircloth, Gavin Hartzell, Nathan Callahan, S. Bhunia","doi":"10.1109/aiiot54504.2022.9817175","DOIUrl":null,"url":null,"abstract":"The 2021 T-Mobile breach conducted by John Erin Binns resulted in the theft of 54 million customers' personal data. The attacker gained entry into T-Mobile's systems through an unprotected router and used brute force techniques to access the sensitive information stored on the internal servers. The data stolen included names, addresses, Social Security Numbers, birthdays, driver's license numbers, ID information, IMEIs, and IMSIs. We analyze the data breach and how it opens the door to identity theft and many other forms of hacking such as SIM Hijacking. SIM Hijacking is a form of hacking in which bad actors can take control of a victim's phone number allowing them means to bypass additional safety measures currently in place to prevent fraud. This paper thoroughly reviews the attack methodology, impact, and attempts to provide an understanding of important measures and possible defense solutions against future attacks. We also detail other social engineering attacks that can be incurred from releasing the leaked data.","PeriodicalId":409264,"journal":{"name":"2022 IEEE World AI IoT Congress (AIIoT)","volume":"40 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-06-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":"{\"title\":\"A Study on Brute Force Attack on T-Mobile Leading to SIM-Hijacking and Identity-Theft\",\"authors\":\"Christopher Faircloth, Gavin Hartzell, Nathan Callahan, S. Bhunia\",\"doi\":\"10.1109/aiiot54504.2022.9817175\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The 2021 T-Mobile breach conducted by John Erin Binns resulted in the theft of 54 million customers' personal data. The attacker gained entry into T-Mobile's systems through an unprotected router and used brute force techniques to access the sensitive information stored on the internal servers. The data stolen included names, addresses, Social Security Numbers, birthdays, driver's license numbers, ID information, IMEIs, and IMSIs. We analyze the data breach and how it opens the door to identity theft and many other forms of hacking such as SIM Hijacking. SIM Hijacking is a form of hacking in which bad actors can take control of a victim's phone number allowing them means to bypass additional safety measures currently in place to prevent fraud. This paper thoroughly reviews the attack methodology, impact, and attempts to provide an understanding of important measures and possible defense solutions against future attacks. We also detail other social engineering attacks that can be incurred from releasing the leaked data.\",\"PeriodicalId\":409264,\"journal\":{\"name\":\"2022 IEEE World AI IoT Congress (AIIoT)\",\"volume\":\"40 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2022-06-06\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"3\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2022 IEEE World AI IoT Congress (AIIoT)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/aiiot54504.2022.9817175\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2022 IEEE World AI IoT Congress (AIIoT)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/aiiot54504.2022.9817175","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
A Study on Brute Force Attack on T-Mobile Leading to SIM-Hijacking and Identity-Theft
The 2021 T-Mobile breach conducted by John Erin Binns resulted in the theft of 54 million customers' personal data. The attacker gained entry into T-Mobile's systems through an unprotected router and used brute force techniques to access the sensitive information stored on the internal servers. The data stolen included names, addresses, Social Security Numbers, birthdays, driver's license numbers, ID information, IMEIs, and IMSIs. We analyze the data breach and how it opens the door to identity theft and many other forms of hacking such as SIM Hijacking. SIM Hijacking is a form of hacking in which bad actors can take control of a victim's phone number allowing them means to bypass additional safety measures currently in place to prevent fraud. This paper thoroughly reviews the attack methodology, impact, and attempts to provide an understanding of important measures and possible defense solutions against future attacks. We also detail other social engineering attacks that can be incurred from releasing the leaked data.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
