
Let's talk about the fun stuff. The first trick I will discuss is an
activity that is becoming quite prevalent, SIM cloning. If you have
paid attention to any cell phone related tutorials in the past, then
you may remember cloning being made popular by certain public figures.
Well, even with GSM this trick is still relevant. How
could such a flaw exist in a system that is obviously concentrated on
preventing such fraudulent use?
The flaw is within the COMP128
authentication algorithm, used as an instantiation of A3/A8 and widely used
by GSM providers. Unfortunately for these providers, the COMP128
algorithm is just not strong enough to prevent fraud. We attack the
algorithm with a chosen-challenge attack, which works by forming a
number of specially-chosen challenges and querying the SIM card for
each one. Then, by analyzing the responses to these queries, we are
able to determine the value of the secret key (Ki) that is used for
authentication. So how do we perform this attack?
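Before the attack itself, it helps to see what A3/A8 actually does and why recovering Ki is the whole game. The model below is an added example, not code from the original tutorial: it replays the GSM challenge-response (128-bit RAND in, 32-bit SRES and 64-bit Kc out) with HMAC-SHA256 standing in for COMP128. The stand-in has none of COMP128's weaknesses; the point is the protocol shape. The `query_budget` on the card is my own assumption, a per-card cap on authentication runs, included because a chosen-challenge attack only works if the card answers as many queries as the attacker likes.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional, Tuple

# Sizes follow GSM: Ki 128 bit, RAND 128 bit, SRES 32 bit, Kc 64 bit.
KI_BYTES, RAND_BYTES, SRES_BYTES, KC_BYTES = 16, 16, 4, 8


def a3a8(ki: bytes, rand: bytes) -> Tuple[bytes, bytes]:
    """Stand-in A3/A8: derive SRES (A3) and Kc (A8) from Ki and RAND.

    HMAC-SHA256 is used here instead of COMP128 (assumption for the demo);
    only the input/output sizes match the real algorithm.
    """
    if len(ki) != KI_BYTES or len(rand) != RAND_BYTES:
        raise ValueError("Ki and RAND must both be 128 bits")
    digest = hmac.new(ki, rand, hashlib.sha256).digest()
    return digest[:SRES_BYTES], digest[SRES_BYTES:SRES_BYTES + KC_BYTES]


class SimCard:
    """Holds Ki and answers RUN GSM ALGORITHM style queries.

    query_budget is an assumed mitigation: a hard cap on how many times
    the card will run A3/A8. Every chosen challenge costs one query, so a
    small budget bounds what an attacker with the card can learn.
    """

    def __init__(self, imsi: str, ki: bytes, query_budget: Optional[int] = None):
        self.imsi = imsi
        self._ki = ki          # never leaves the card
        self.queries = 0
        self.query_budget = query_budget

    def run_gsm_algorithm(self, rand: bytes) -> Tuple[bytes, bytes]:
        if self.query_budget is not None and self.queries >= self.query_budget:
            raise PermissionError("authentication query budget exhausted")
        self.queries += 1
        return a3a8(self._ki, rand)


class AuthCentre:
    """Network side: knows each subscriber's Ki, issues RAND, checks SRES."""

    def __init__(self, subscribers: Dict[str, bytes]):
        self._subscribers = subscribers

    def challenge(self) -> bytes:
        return os.urandom(RAND_BYTES)

    def verify(self, imsi: str, rand: bytes, sres: bytes) -> Tuple[bool, Optional[bytes]]:
        ki = self._subscribers.get(imsi)
        if ki is None:
            return False, None
        expected_sres, kc = a3a8(ki, rand)
        if hmac.compare_digest(expected_sres, sres):
            return True, kc   # Kc is now shared for ciphering
        return False, None


def authenticate(auc: AuthCentre, sim: SimCard) -> bool:
    """One full exchange: RAND -> card, SRES -> network, Kc agreed on both sides."""
    rand = auc.challenge()
    sres, kc_card = sim.run_gsm_algorithm(rand)
    ok, kc_net = auc.verify(sim.imsi, rand, sres)
    return ok and kc_net == kc_card


# Constructed sample subscriber (not a real IMSI or key).
DEMO_IMSI = "001010000000001"
DEMO_KI = bytes(range(16))


def demo() -> Dict[str, bool]:
    auc = AuthCentre({DEMO_IMSI: DEMO_KI})
    genuine = SimCard(DEMO_IMSI, DEMO_KI)
    wrong_key = SimCard(DEMO_IMSI, bytes(16))
    # A second card loaded with the same Ki is indistinguishable to the
    # network: the secrecy of Ki is the entire security of the scheme.
    same_ki = SimCard(DEMO_IMSI, DEMO_KI, query_budget=2)
    results = {
        "genuine": authenticate(auc, genuine),
        "wrong_key": authenticate(auc, wrong_key),
        "same_ki_first": authenticate(auc, same_ki),
        "same_ki_second": authenticate(auc, same_ki),
    }
    try:
        authenticate(auc, same_ki)
        results["budget_enforced"] = False
    except PermissionError:
        results["budget_enforced"] = True
    return results


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

Two things to take from running it: the network never sees Ki, only a 32-bit SRES per challenge, so anything that leaks Ki through those responses defeats the design; and a card that refuses after a fixed number of runs turns "query the SIM for each chosen challenge" into a finite resource, which is the natural place for a defender to push back.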