The Simjacker vulnerability could affect more than 1 billion mobile phone users worldwide.

Vulnerability in SIM-cards, how to protect against Simjacker



A new and previously unrecognized critical vulnerability has been discovered in SIM cards, which could allow remote attackers to compromise targeted mobile phones and spy on victims simply by sending an SMS message.
This vulnerability, dubbed “SimJacker,” resides in a piece of software called the S@T Browser (a dynamic toolkit for SIM cards) that is embedded in most SIM cards and widely used by mobile operators in at least 30 countries. It can be exploited no matter which phone the victim uses.
What makes this worse? A specific private company that works with governments has been actively exploiting the SimJacker vulnerability for at least the past two years to conduct targeted monitoring of mobile phone users in several countries.
S@T Browser, short for SIMalliance Toolbox Browser, is an application installed on various SIM cards, including eSIM, as part of the SIM Tool Kit (STK). It is designed to let mobile operators provide basic services, subscriptions, and additional wireless services to their customers.

The S@T Browser supports a number of STK instructions (sending a short message, setting up a call, launching a browser, providing local data, launching on command, and sending data) that can be triggered simply by sending an SMS message to the device. As a result, the software provides an execution environment in which malicious commands can be run on mobile phones.

How does the Simjacker Vulnerability work?


Discovered by researchers from AdaptiveMobile Security in a new study published on September 12, 2019, the vulnerability can be exploited with a $10 GSM modem to perform the tasks listed below on a target device, simply by sending an SMS message containing a certain type of spyware-like code:
  • Retrieving the location of the target device and its IMEI information,
  • Spreading false information by sending fake messages on behalf of the victims,
  • Performing premium rate fraud by dialing premium rate numbers,
  • Spying on the surroundings of victims by ordering the device to call the attacker’s phone number,
  • Spreading malware by forcing the victim’s phone browser to open a malicious web page,
  • Performing denial of service attacks by disabling the SIM card, and
  • Retrieving other information, such as language, type of radio, battery level, etc.

“During the attack, the user is completely unaware that he received the attack, that the information was extracted and that it was successfully deleted,” the researchers explain.


This attack is also unique in that the Simjacker attack message can logically be classified as carrying a complete malware payload, specifically spyware, because it contains a list of instructions that the SIM card is to execute. Simjacker is the first real attack in which spyware is sent directly within an SMS.
Although the technical details, a detailed paper and a proof of concept of the vulnerability are planned to be published in October this year, the researchers said they have observed real attacks on users with devices from almost all manufacturers, including Apple, ZTE, Motorola, Samsung, Google, Huawei and even IoT devices with SIM cards.
It turns out that all manufacturers and models of mobile phones are vulnerable to SimJacker attacks, since the vulnerability exploits an outdated technology built into SIM cards whose specification has not been updated since 2009, which potentially puts more than a billion people at risk.

Simjacker Vulnerability Exploited in the Wild

Researchers say that the Simjacker attack worked very well and has been used successfully for many years, "because it used a combination of sophisticated interfaces and obscure technologies, showing that mobile operators cannot rely on standard installed security features."

“Simjacker is a clear danger to mobile operators and subscribers. This is potentially the most sophisticated attack that has ever existed on major mobile networks,” said Cathal Mc Daid, CTO at AdaptiveMobile Security, in a press release.





“This is the main alarm signal that shows that hostile actors are investing heavily in increasingly sophisticated and creative ways to undermine network security. This threatens the security and trust of customers, mobile operators and affects the national security of entire countries.”

Moreover, now that this vulnerability has been publicly disclosed, researchers expect hackers and other attackers to "develop these attacks in other areas."

The researchers have responsibly disclosed the details of this vulnerability to the GSM Association, the trade body representing the community of mobile operators, as well as to the SIMalliance, which represents the major manufacturers of SIM cards / UICC.

SIMalliance acknowledged the issue and provided recommendations for SIM card manufacturers on implementing security for S@T push messages.

Mobile operators can also immediately eliminate this threat by setting up a process to analyze and block suspicious messages containing S@T Browser commands.
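One way an operator-side filter could implement that analysis step, as an added example that is not from the original article or from AdaptiveMobile: it screens SMS-DELIVER headers for the standard markers of SIM-addressed messages (TP-PID 0x7F, data coding class 2, a SIM toolkit security header in the UDH) defined in 3GPP TS 23.040 and TS 23.038, which the article does not spell out. The allowlisted OTA platform address and all sample TPDUs are constructed assumptions.

```python
# Added example: header-only screening of SMS-DELIVER TPDUs (3GPP TS 23.040).
SIM_DATA_DOWNLOAD_PID = 0x7F       # TP-PID "(U)SIM Data download"
OTA_ALLOWLIST = {"15555550100"}    # hypothetical address of the operator's OTA platform

def parse_deliver(tpdu_hex):
    """Return originator digits, TP-PID, TP-DCS and UDH element ids."""
    b = bytes.fromhex(tpdu_hex)
    if len(b) < 2 or (b[0] & 0x03) != 0:
        raise ValueError("not an SMS-DELIVER TPDU")
    ndigits = b[1]
    pos = 3 + (ndigits + 1) // 2   # first octet, OA length, type of address, BCD digits
    if len(b) < pos + 10:          # TP-PID, TP-DCS, 7-octet timestamp, TP-UDL
        raise ValueError("truncated TPDU")
    digits = "".join(f"{(o & 0x0F):X}{(o >> 4):X}" for o in b[3:pos])[:ndigits]
    ud, ieis = b[pos + 10:], []
    if (b[0] & 0x40) and ud:       # TP-UDHI set: walk the user data header
        end, i = min(1 + ud[0], len(ud)), 1
        while i + 1 < end:
            ieis.append(ud[i])
            i += 2 + ud[i + 1]
    return {"oa": digits, "pid": b[pos], "dcs": b[pos + 1], "ieis": ieis}

def message_class(dcs):
    """Return the TS 23.038 message class (0-3), or None when none is encoded."""
    if ((dcs & 0x80) == 0 and (dcs & 0x10)) or (dcs & 0xF0) == 0xF0:
        return dcs & 0x03
    return None

def screen(tpdu_hex):
    """Return (verdict, reasons): SIM-addressed traffic passes only from the allowlist."""
    m, reasons = parse_deliver(tpdu_hex), []
    if m["pid"] == SIM_DATA_DOWNLOAD_PID:
        reasons.append("TP-PID 0x7F: SIM data download")
    if message_class(m["dcs"]) == 2:
        reasons.append("TP-DCS class 2: SIM-specific message")
    if any(0x70 <= iei <= 0x7F for iei in m["ieis"]):
        reasons.append("UDH carries a SIM toolkit security header")
    if reasons and m["oa"] not in OTA_ALLOWLIST:
        return "block", reasons
    return "allow", reasons

# Constructed sample TPDUs; the binary payload is eight zero octets of filler.
TS = "91902101000000"
TEXT_SMS = "04" + "0B91" + "5155550591F9" + "0000" + TS + "02E834"
SIM_UNKNOWN = "44" + "0B91" + "5155550591F9" + "7FF6" + TS + "0B" + "027000" + "00" * 8
SIM_FROM_OTA = "44" + "0B91" + "5155550501F0" + "7FF6" + TS + "0B" + "027000" + "00" * 8
if __name__ == "__main__":
    for name in ("TEXT_SMS", "SIM_UNKNOWN", "SIM_FROM_OTA"):
        print(name, screen(globals()[name]))
```

The sketch handles only numeric originators in SMS-DELIVER; a production filter would also cover SMS-SUBMIT from subscribers and rely on a network-validated source address.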
As potential victims and mobile device users, we can do nothing if we use a SIM card with S@T Browser technology deployed on it, except ask for our SIM card to be replaced with one that has patented security mechanisms installed.
More information about Simjacker can be found at www.simjacker.com, and Cathal Mc Daid, CTO of AdaptiveMobile Security, will present Simjacker at the Virus Bulletin Conference, London, October 3, 2019.

    Hackerbrother
