The Lore Of Hijacking Systems, Part 1
System: Machine And Method
Jul 20, 2021
Control all vital keys to control the system and the system will be under your mercy. — Re: The system is merely an illusion, 2008-09.28
Law 0: List all knowns and unknowns that may hint at the path to infiltration (and later exfiltration).
Compatibility with known systems or protocols also means inheriting the same limits, flaws and risks.
Law 1: Technology is not a panacea.
Corollary: Technology is not just machines, it is `(Hu)man, machine, method`.
Your machines can betray you.
Example Attack:
Attackers do not have to steal your phone. They just have to swap your SIM.
1. The SIM card can be rigged from the start (right from the carrier).
2. A rogue telco employee can still bypass the security by attacking from the inside.
SIM swap fraud: Swapping the line assigned to a SIM card between devices is a legitimate service that allows customers to upgrade or replace a lost or stolen device. SIM swap fraud happens when a customer’s phone number is assigned to a new SIM card and mobile device without their knowledge or consent. Fraudsters may use the victim’s personal information or mobile account information, including phished passwords or fake IDs, to impersonate the real customer and make the SIM card change. Attackers can also ask for specific numbers (which were previously owned by a specific mark) to be re-assigned to them.
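On the defending side, a service that sends SMS codes can refuse to treat the phone number as proof of possession when the number has recently moved to a new SIM or a new subscriber. The sketch below is an added example, not code from the article; it assumes the service can obtain a SIM-change timestamp and a number-assignment date from the carrier, and the `CarrierSignal` fields, the 72-hour window and the sample records are all hypothetical.

```python
from datetime import datetime, timedelta, timezone
from typing import NamedTuple, Optional

class CarrierSignal(NamedTuple):
    """Hypothetical record; field names are assumptions, not a real carrier API."""
    sim_changed_at: Optional[datetime]  # last move of the number to a new SIM
    number_assigned_at: datetime        # when the current subscriber got the number

COOLING_OFF = timedelta(hours=72)  # assumed policy window

def sms_factor_decision(enrolled_at: datetime,
                        signal: Optional[CarrierSignal],
                        now: datetime) -> str:
    """Decide whether an SMS code may count as proof of possession."""
    if signal is None:
        # No carrier data: fail closed instead of trusting the number.
        return "step_up:no_carrier_signal"
    if signal.number_assigned_at > enrolled_at:
        # The number changed hands after the user enrolled it.
        return "deny:number_reassigned"
    if signal.sim_changed_at and now - signal.sim_changed_at < COOLING_OFF:
        # Same subscriber on paper, but the SIM was swapped very recently.
        return "step_up:recent_sim_change"
    return "allow"

# Constructed sample data (not from the article).
UTC = timezone.utc
NOW = datetime(2021, 7, 20, 12, 0, tzinfo=UTC)
ENROLLED = datetime(2020, 1, 15, tzinfo=UTC)
SAMPLES = {
    "no_signal": None,
    "recycled_number": CarrierSignal(None, datetime(2021, 3, 1, tzinfo=UTC)),
    "fresh_swap": CarrierSignal(NOW - timedelta(hours=5), datetime(2019, 6, 1, tzinfo=UTC)),
    "old_upgrade": CarrierSignal(datetime(2021, 2, 1, tzinfo=UTC), datetime(2019, 6, 1, tzinfo=UTC)),
    "never_changed": CarrierSignal(None, datetime(2019, 6, 1, tzinfo=UTC)),
}

def evaluate_samples() -> dict:
    return {name: sms_factor_decision(ENROLLED, sig, NOW) for name, sig in SAMPLES.items()}

if __name__ == "__main__":
    for name, verdict in evaluate_samples().items():
        print(f"{name:16} {verdict}")
```

The signal comes from the same carrier the two list items warn about, so this check narrows the window for impersonation-based swaps but does not cover a SIM rigged at the source or an insider who can alter the records.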