By Shannon Morse, Threatwire 

Shoutout to DeadRobot on Patreon for sharing this story: Researchers at Adaptive Mobile Security published research last week about a new attack they dubbed SimJacker, which can allow an attacker to compromise a target mobile phone just by sending an SMS. This sounded pretty dubious so I wanted to dig a little deeper into the story. 

The vulnerability is part of a flaw found within software called the S@T Browser, or SIMalliance Toolbox Browser, which is a dynamic SIM toolkit. This software is embedded on SIM cards being used in 30 countries and can be exploited remotely on any smartphone. The SIM Tool Kit (or STK) comes on physical SIM cards as well as eSIMs, and allows for over-the-air changes to subscriptions and services.

The STK allows commands to be sent to the device via SMS, such as setting up a call, launching the browser, and providing local data. The flaw impacts SIMs that have the S@T Browser because they don’t check the origin of messages and also allow data downloads via SMS. Messages crafted with STK instructions are sent to the device, and the STK library is used as an execution environment, so the commands are triggered.

Because of this, a malicious actor could also use the SMS environment to send commands meant to infect or surveil the device. An attacker would simply need a $10 GSM modem to do things such as steal IMEI info, spread fake messages, dial premium rate numbers, spy on the victim’s surroundings, spread malware, disable the SIM, and retrieve device info. To be clear, just because an attacker uses the SMS environment doesn’t actually mean you’d see a text message. It could be completely hidden from the victim the whole time.

The paper outlines basic information on the attack and how it is performed, but leaves out technical details, which will be announced later in October. With that said, researchers believe they’ve already seen real-world examples of SimJacker being used against Apple, ZTE, Samsung, Google, Huawei, Motorola, and also IoT devices with SIMs.

The researchers even found that a private company has been using SimJacker for at least two years to conduct targeted surveillance on victims in many countries with government assistance. They believe that the attack was also developed by the private company.

The STK technology hasn’t been updated since 2009, so it’s a decade old. It puts a billion people at risk of infection without them even knowing it’s occurring. All information was disclosed to the GSM Association and to the SIMalliance, which represents the SIM card and UICC manufacturers, and the SIMalliance has already provided recommendations to manufacturers. Mobile operators can mitigate the problem by analyzing and blocking suspicious messages that contain S@T Browser commands. As for users, you’d need to request replacement SIMs that have updated security in place, but those may not be available at this time.
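To make the operator-side check concrete, here is an added example (not from the researchers' paper or this post) that flags SIM data-download messages whose sender is not the operator's own OTA platform. It assumes the filter sees the raw SMS-DELIVER TPDU as laid out in 3GPP TS 23.040; the allowlist, sample messages and function names are constructed, and it does not inspect S@T Browser commands themselves, since those details are not public here.

```python
# Added example: triage of a raw SMS-DELIVER TPDU (layout per 3GPP TS 23.040).
SIM_DATA_DOWNLOAD_PID = 0x7F      # TP-PID "(U)SIM Data download"
OTA_ALLOWLIST = {"15550100"}      # constructed: operator's own OTA platform


def decode_address(tpdu, pos):
    """Decode the TP-OA field at pos; return (digits, offset of TP-PID)."""
    ndigits = tpdu[pos]                       # length counts digits, not bytes
    nbytes = (ndigits + 1) // 2
    raw = tpdu[pos + 2:pos + 2 + nbytes]      # skip length + type-of-address
    if len(raw) != nbytes:
        raise ValueError("truncated originating address")
    # Digits are nibble-swapped; an odd count is padded with 0xF, cut off here.
    # Alphanumeric senders decode to hex noise and so never match the allowlist.
    digits = "".join(f"{b & 0x0F:x}{b >> 4:x}" for b in raw)[:ndigits]
    return digits, pos + 2 + nbytes


def message_class(dcs):
    """Return the message class (0-3) encoded in TP-DCS, or None."""
    if (dcs & 0x80) == 0 and (dcs & 0x10):    # general data coding, class set
        return dcs & 0x03
    if (dcs & 0xF0) == 0xF0:                  # data coding / message class
        return dcs & 0x03
    return None


def classify(tpdu):
    """Return 'pass', 'pass-ota', 'block' or 'malformed' for one TPDU."""
    try:
        if tpdu[0] & 0x03:                    # TP-MTI 00 = SMS-DELIVER only
            return "pass"
        sender, pos = decode_address(tpdu, 1)
        pid, dcs = tpdu[pos], tpdu[pos + 1]
    except (IndexError, ValueError):
        return "malformed"
    # The handset hands a message to the SIM only for this PID with class 2.
    if pid != SIM_DATA_DOWNLOAD_PID or message_class(dcs) != 2:
        return "pass"
    return "pass-ota" if sender in OTA_ALLOWLIST else "block"


# Constructed TPDUs: header, sender, PID/DCS, timestamp, empty payload.
SCTS = "91902100000000"
SAMPLES = {
    "ordinary text": bytes.fromhex("040791515510F00000" + SCTS + "00"),
    "OTA from platform": bytes.fromhex("040891515510007FF6" + SCTS + "00"),
    "OTA from unknown sender": bytes.fromhex("040891515510997FF6" + SCTS + "00"),
}

if __name__ == "__main__":
    for name, tpdu in SAMPLES.items():
        print(f"{name}: {classify(tpdu)}")
```

Originating addresses can be spoofed on some interconnects, so a sender allowlist like this is one signal among several rather than a complete filter.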

Links:

https://simjacker.com

https://thehackernews.com/2019/09/simjacker-mobile-hacking.html

https://threatpost.com/1b-mobile-users-vulnerable-to-ongoing-simjacker-surveillance-attack/148277/

https://www.zdnet.com/article/new-simjacker-attack-exploited-in-the-wild-to-track-users-for-at-least-two-years/

https://www.cyberscoop.com/simjacker-mobile-phone-vulnerability/

Comments

Anonymous

Is it just me or is this a crazy bad exploit?