Simjacker is a cellular software exploit for SIM cards discovered by AdaptiveMobile Security. 29 countries are vulnerable according to ZDNet. The vulnerability has been exploited primarily in Mexico, but also Colombia and Peru, according to the Wall Street Journal, where it was used to track the location of mobile phone users without their knowledge.
History
The vulnerability was discovered and reported to the GSM Association through its Coordinated Vulnerability Disclosure process by Cathal Mc Daid of AdaptiveMobile Security in 2019. It was first reported publicly on 12th September 2019. A technical paper and presentation were made available at the VirusBulletin conference on 3rd October 2019.
Technical information
The attack works by exploiting a vulnerability in a UICC/SIM Card library called the S@T Browser. A specially formatted binary text message, containing a set of commands to be executed by the S@T Browser environment in the UICC, is sent to the victim handset. As the S@T Browser environment has access to a subset of SIM Toolkit commands, the attackers used this vulnerability to instruct the UICC to request IMEI and location information from the handset via SIM Toolkit commands. Once this was obtained, the UICC then instructed the handset to exfiltrate this information to the attackers within another text message. Other types of attacks are also possible using the S@T Browser, such as forcing a mobile device to open a webpage or to make a phone call.
The attack differed from previously reported SIM Card attacks as those required the SIM key to be obtained. The Simjacker attack does not require a SIM key, only that the SIM Card has the S@T Browser library installed on it, and that the binary messages containing the S@T Browser commands can be sent to the victim.
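The delivery vector described above is a binary text message addressed to the UICC rather than to the user. As an added example (not from the original page or from AdaptiveMobile Security), the Python below shows how a defender can recognise such SIM-bound messages in captured SMS-DELIVER TPDUs using the TP-PID, TP-DCS and user-data-header values defined in 3GPP TS 23.040. The function names and both sample TPDUs are constructed for illustration, and the payload bytes are filler.

```python
# Added example (not from the original page). Field layout: 3GPP TS 23.040 SMS-DELIVER.
PID_SIM_DATA_DOWNLOAD = 0x7F           # TP-PID value "(U)SIM Data download"
STK_SECURITY_IEIS = range(0x70, 0x80)  # UDH IEIs reserved for (U)SIM Toolkit security headers


def message_class(dcs):
    """Return the message class (0-3) encoded in TP-DCS, or None if it carries none."""
    if dcs & 0xC0 == 0x00:                       # general data coding group
        return dcs & 0x03 if dcs & 0x10 else None
    if dcs & 0xF0 == 0xF0:                       # data coding / message class group
        return dcs & 0x03
    return None


def udh_ieis(ud):
    """List the information-element identifiers in a user data header."""
    if not ud or ud[0] > len(ud) - 1:
        raise ValueError("truncated user data header")
    ieis, i, end = [], 1, 1 + ud[0]
    while i + 1 < end:
        ieis.append(ud[i])
        i += 2 + ud[i + 1]                       # skip IEI, IEDL and the element data
    return ieis


def inspect_sms_deliver(tpdu_hex):
    """Classify one SMS-DELIVER TPDU (hex, without the SMSC address prefix)."""
    b = bytes.fromhex(tpdu_hex)
    if len(b) < 2 or b[0] & 0x03 != 0x00:
        raise ValueError("not an SMS-DELIVER TPDU")
    pos = 3 + (b[1] + 1) // 2                    # skip TP-OA: digit count, type, BCD digits
    if len(b) < pos + 10:                        # TP-PID, TP-DCS, 7-byte TP-SCTS, TP-UDL
        raise ValueError("truncated TPDU")
    pid, dcs, ud = b[pos], b[pos + 1], b[pos + 10:]
    ieis = udh_ieis(ud) if b[0] & 0x40 else []   # TP-UDHI set: user data starts with a header
    return {
        # TP-PID 0x7F with a class 2 TP-DCS: the handset hands the message to the SIM
        "sim_data_download": pid == PID_SIM_DATA_DOWNLOAD and message_class(dcs) == 2,
        "stk_security_header": any(i in STK_SECURITY_IEIS for i in ieis),
    }


# Constructed samples: sender number, timestamp and payload bytes are filler, not real traffic.
OTA_STYLE = "440B915155550501F07FF691902100000000" "07" "027000" "AAAAAAAA"
PLAIN_TEXT = "040B915155550501F0000091902100000000" "02" "E834"

if __name__ == "__main__":
    for name, tpdu in (("ota-style", OTA_STYLE), ("plain-text", PLAIN_TEXT)):
        print(name, inspect_sms_deliver(tpdu))
```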
Simjacker was registered in the Common Vulnerabilities and Exposures database as CVE-2019-16256 and CVE-2019-16257, and by the GSM Association in its Coordinated Vulnerability Disclosure process as CVD-2019-0026.
Impact
The vulnerability was estimated to affect UICCs in at least 61 mobile operators in 29 countries, with estimates ranging from a few hundred million to over a billion SIM cards affected. The researcher reported that the most probable, conservative estimate is that mid to high hundreds of millions of SIM Cards globally are affected.
The vulnerability was being actively exploited primarily in Mexico, with thousands of mobile phone users being tracked by a surveillance company over the previous 2 years using this exploit.
Mitigation
Mobile phone users can use a tool from SRLabs to see if their SIM Card is vulnerable.