Predictable serial number attack

A predictable serial number attack is a form of security exploit in which a valid serial number is discovered through a legitimate channel, the algorithm for generating new serial numbers is discovered or reverse engineered, a new serial number is predicted using the algorithm, and the newly generated serial number is then used for a fraudulent purpose, either to obtain an undeserved benefit or to deny service to the legitimate owner of the serial number.

Suppose Mallory purchased two 10-unit phone cards, and noticed that the serial numbers printed on the phone cards were 0001 and 0002. To use the phone cards, Mallory has to enter the serial number into her telephone. After consuming the value on cards 0001 and 0002, Mallory enters 0003 and gets an additional ten units of phone service. When Alice, who legitimately owns the card that bears serial number 0003, tries to use her card she discovers the value has been stolen from it and it is now worthless.

A common approach to prevent serial number plus one attacks is to use a cryptographic hash function such as SHA-2 to generate the actual serial numbers. Internally, the issuing organization creates a (pseudo-)random nonce as a salt for generating the serial numbers, and keeps it secret. The issuer increments their internal serial number and appends it to the salt, and the computed message digest is used to create the actual serial number. The issuer does have to take care to prevent collisions between existing values so as not to wrongly issue two identical serial numbers.

• Predictable serial numbers were used as a part of the counterfeit MD5 certificate attack.^[1]
• An iPod repairman guessed valid serial numbers and used them to perpetrate a fraud against Apple.^[2]

• Denial of service
• Hash collision