SIMulation Attack

    This page provides more information about the SIMulation attack.
    An explanation of the SIMulation attack can be found in this paper (accepted by DSN'22).

Introduction

    A recently emerged cellular-network-based One-Tap Authentication (OTAuth) scheme allows app users to sign up or log in to their accounts quickly and conveniently: tokens provided by the Mobile Network Operator (MNO), instead of user passwords, are used as identity credentials. After conducting an in-depth security analysis, we have revealed several fundamental design flaws among popular OTAuth services, which allow an adversary to perform the SIMulation attack. Once the SIMulation attack has been carried out successfully, an attacker can (1) perform unauthorized logins and register new accounts as the victim, (2) illegally obtain the identities of victims, and (3) interfere with the OTAuth services of legitimate apps.

Demo Videos

Details about these two attack scenarios can be found in Section III.D of the paper.

(1) Attack via a malicious app

Taking Kuaishou as the target app

(2) Attack by connecting to victim's hotspot

Taking Sina Weibo as the target app

Detailed Measurement Results