Simjacker
Simjacker is a cellular software exploit for SIM Cards discovered by AdaptiveMobile Security.[1] 29 countries are vulnerable according to ZDNet.[2] The vulnerability has been exploited primarily in Mexico, but also in Colombia and Peru, according to The Wall Street Journal,[3] where it was used to track the location of mobile phone users without their knowledge.
History
The vulnerability was discovered and reported to the GSM Association through its Coordinated Vulnerability Disclosure process by Cathal Mc Daid of AdaptiveMobile Security in 2019.[4] It was first reported publicly on 12th September 2019.[5] A technical paper and presentation were made available at the VirusBulletin conference on 3rd October 2019.[6][7]
Technical information
The attack works by exploiting a vulnerability in a UICC/SIM Card library called the S@T Browser.[8] A specially formatted binary text message is sent to the victim handset; it contains a set of commands to be executed by the S@T Browser environment in the UICC. As the S@T Browser environment has access to a subset of SIM Toolkit commands, the attackers used this vulnerability to instruct the UICC to request IMEI and location information from the handset via SIM Toolkit commands. Once this information was obtained, the UICC instructed the handset to exfiltrate it to the attackers within another text message. Other types of attacks are also possible using the S@T Browser, such as forcing a mobile device to open a webpage or to make a phone call.[9]
The attack differed from previously reported SIM Card attacks as those required the SIM key to be obtained.[10] The Simjacker attack does not require a SIM key, only that the SIM Card has the S@T Browser library installed on it, and that the binary messages containing the S@T Browser commands can be sent to the victim.
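The following added example (not taken from the cited sources or from AdaptiveMobile's paper) shows how a filter on the operator side could recognise the kind of message described above: a binary SMS addressed to a SIM application that carries no cryptographic protection, which is why no SIM key is needed. It assumes the standard SMS-DELIVER layout of 3GPP TS 23.040 and the secured command packet header of 3GPP TS 23.048; the function names are hypothetical, and the sample messages, including the target application reference (TAR) `AABBCC`, are constructed placeholders.

```python
PID_SIM_DATA_DOWNLOAD = 0x7F  # TP-PID "(U)SIM Data download" (3GPP TS 23.040)
IEI_COMMAND_PACKET = 0x70     # UDH element announcing a secured command packet

# Constructed samples: made-up sender, placeholder TAR AABBCC, dummy payload DEADBEEF.
BINARY_SMS = bytes.fromhex(
    "440B911032547698F07FF691902110000000"  # header, PID 7F, DCS F6, timestamp
    "17027000"                              # UDL, then a UDH carrying IEI 70
    "00120D00000000AABBCC000000000000DEADBEEF")
TEXT_SMS = bytes.fromhex("040B911032547698F000009190211000000002C834")


def parse_deliver(tpdu: bytes):
    """Return (pid, udh_elements, user_data) from an SMS-DELIVER TPDU."""
    if tpdu[0] & 0x03:
        raise ValueError("not an SMS-DELIVER TPDU")
    pos = 3 + (tpdu[1] + 1) // 2      # skip the originating address
    pid = tpdu[pos]
    pos += 2 + 7                      # skip PID, DCS and the 7-octet timestamp
    # TP-UDL counts octets only for 8-bit data, which is assumed here.
    ud = tpdu[pos + 1 : pos + 1 + tpdu[pos]]
    elements = {}
    if tpdu[0] & 0x40:                # TP-UDHI: a user data header is present
        udh, i = ud[1 : 1 + ud[0]], 0
        while i + 2 <= len(udh):
            elements[udh[i]] = udh[i + 2 : i + 2 + udh[i + 1]]
            i += 2 + udh[i + 1]
        ud = ud[1 + ud[0]:]
    return pid, elements, ud


def classify_sms(tpdu: bytes) -> dict:
    """Flag SIM-directed command packets that carry no integrity or ciphering."""
    pid, elements, packet = parse_deliver(tpdu)
    verdict = {"sim_directed": False, "tar": None, "unprotected": False}
    if pid != PID_SIM_DATA_DOWNLOAD or IEI_COMMAND_PACKET not in elements:
        return verdict
    if len(packet) < 10:
        raise ValueError("truncated command packet")
    # Command packet: CPL(2) CHL(1) SPI(2) KIc(1) KID(1) TAR(3) ...
    spi1 = packet[3]
    verdict.update(
        sim_directed=True,
        tar=packet[7:10].hex().upper(),
        # SPI byte 1: bits 1-2 select the integrity check (00 = none), bit 3 = ciphering
        unprotected=(spi1 & 0x03) == 0 and (spi1 & 0x04) == 0,
    )
    return verdict
```

A filter built on this would compare the reported TAR against the applications the operator actually provisions and drop or alert on unprotected packets arriving from subscriber-originated traffic.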
Simjacker was registered in the Common Vulnerabilities and Exposures database as CVE-2019-16256[11] and CVE-2019-16257,[12] and by the GSM Association in its Coordinated Vulnerability Disclosure process as CVD-2019-0026.[13]
Impact
The vulnerability was estimated to affect UICCs in at least 61 mobile operators in 29 countries, with estimates ranging from a few hundred million to over a billion[14] SIM cards affected. The researcher reported that the most probable, conservative estimate is that mid to high hundreds of millions of SIM Cards globally are affected.[15]
The vulnerability was being actively exploited primarily in Mexico, with thousands of mobile phone users being tracked by a surveillance company over the previous 2 years using this exploit.[16]
Mitigation
Mobile phone users can use a tool from SRLabs to see if their SIM Card is vulnerable.[17]
References
1. Goodin, Dan (2019-09-12). "Hackers are exploiting a platform-agnostic flaw to track mobile phone locations". https://arstechnica.com/information-technology/2019/09/hackers-are-exploiting-a-platform-agnostic-flaw-to-track-mobile-phone-locations/.
2. Cimpanu, Catalin. "These are the 29 countries vulnerable to Simjacker attacks". https://www.zdnet.com/article/these-are-the-29-countries-vulnerable-to-simjacker-attacks/.
3. Olson, Parmy (2019-09-13). "Hackers Use Spyware to Track SIM Cards". Wall Street Journal. ISSN 0099-9660. https://www.wsj.com/articles/hackers-use-spyware-to-track-sim-cards-11568400758.
4. "GSMA Mobile Security Research Acknowledgements". https://www.gsma.com/security/gsma-mobile-security-research-acknowledgements/.
5. "Simjacker – Next Generation Spying Over Mobile | Mobile Security News | AdaptiveMobile". 11 September 2019. https://blog.adaptivemobile.com/simjacker-next-generation-spying-over-mobile.
6. "Simjacker Technical Paper". https://www.adaptivemobile.com/downloads/simjacker-technical-paper.
7. "Virus Bulletin :: Simjacker - the next frontier in mobile espionage". https://www.virusbulletin.com/conference/vb2019/abstracts/simjacker-next-frontier-mobile-espionage.
8. "Simjacker - Frequently Asked Questions and Demos | Mobile Security News | AdaptiveMobile". 11 September 2019. https://blog.adaptivemobile.com/simjacker-frequently-asked-questions.
9. "Virus Bulletin :: Simjacker - the next frontier in mobile espionage". https://www.virusbulletin.com/conference/vb2019/abstracts/simjacker-next-frontier-mobile-espionage.
10. Black Hat 2013 - Rooting SIM Cards. https://www.youtube.com/watch?v=scArc93XXWw. Retrieved 2021-07-28.
11. "NVD - CVE-2019-16256". https://nvd.nist.gov/vuln/detail/CVE-2019-16256.
12. "NVD - CVE-2019-16257". https://nvd.nist.gov/vuln/detail/CVE-2019-16257.
13. "GSMA Mobile Security Research Acknowledgements". https://www.gsma.com/security/gsma-mobile-security-research-acknowledgements/.
14. Spadafora, Anthony (2019-09-13). "Simjacker attack could affect a billion smartphones". https://www.techradar.com/news/simjacker-attack-could-affect-a-billion-smartphones.
15. "Simjacker - VB2019 Presentation". https://www.virusbulletin.com/uploads/pdf/conference_slides/2019/VB2019-Mc-Daid.pdf.
16. "Majority of Simjacker Attacks Aimed at Mobile Phones in Mexico | SecurityWeek.Com". https://www.securityweek.com/majority-simjacker-attacks-aimed-mobile-phones-mexico.
17. "New SIM attacks de-mystified, protection tools now available". https://www.srlabs.de/bites/new-sim-attacks.
External links
Original source: https://en.wikipedia.org/wiki/Simjacker.