Predictable serial number attack

A predictable serial number attack is a form of security exploit in which the algorithm for generating serial numbers for a particular purpose is guessed, discovered, or reverse engineered, a new serial number is predicted using the algorithm, and the newly generated serial number is then used for a fraudulent purpose, either to obtain an undeserved benefit or to deny service to the legitimate holder of the serial number.

Example
Suppose there is a phone card available for sale that offers telephone service by entering the serial number printed on the card. Alice legitimately purchases a phone card in order to call Bob, and her card has the serial number 0003. The attacker, Mallory, also purchases two phone cards, and notices that the serial numbers printed on her phone cards are 0001 and 0002. After consuming the value on cards 0001 and 0002, Mallory guesses the algorithm used for generating these serial numbers is a simple sequence and predicts that 0003 is a valid serial number, enters 0003 when prompted, and gets additional phone service. When Alice tries to use her card she discovers the value has been stolen from it and it is now worthless.

Countermeasures
A common approach to prevent predictable serial number attacks is to use a cryptographic hash function such as SHA-2 to generate the actual serial numbers. Internally, the issuing organization creates a (pseudo-)random nonce as a salt for generating the serial numbers, and keeps it secret. The issuer increments their internal serial number and appends it to the salt, and the computed message digest is used to create the actual serial number. The issuer does have to take care to prevent collisions between existing values so as not to wrongly issue two identical serial numbers.

Known attacks

 * Predictable serial numbers were used as a part of the counterfeit MD5 certificate attack.
 * An iPod repairman guessed valid serial numbers and used them to perpetrate a fraud against Apple.