This talk features an attack that enables active cloning of mobile identities. It is shown how to patch baseband firmware for Android devices to enable a virtual SIM card. Additionally, different methods for accessing the SIM card on unmodified Android devices are presented.
Running a mobile network authentication algorithm on a SIM card in a first device and forwarding the result to a patched baseband on a second device allows the second device to retrieve valid authentication tokens. The second device can use these tokens to authenticate to the mobile network without having permanent access to the SIM card. I will present how to retrieve and forward authentication results over different channels on Android phones. As an additional goodie, details about the inner workings of a MediaTek baseband will be presented.