Secplicity - Security Simplified

Powered by WatchGuard Technologies

A Silent Mobile Threat: Simjacker

September 13, 2019 By Emil Hozan

This post should not be confused with my previously written article about SIM-jacking, and it should be taken far more seriously. Researchers at AdaptiveMobile Security recently went public with a new but silent threat: Simjacker. What makes it more serious is that the attack is advanced, reveals a flaw within SIM card implementations, and requires minimal user interaction, if any at all. It leaves no trace that a cellular device was targeted or attacked.

Sparing the technical details, this attack starts with threat actors forming a special SMS message that targets the victim’s SIM card. When the victim’s phone receives the message, it exploits what’s known as the S@T Browser, which is located on the SIM card itself. The S@T Browser is essentially an interface into the SIM card’s stored commands, so the SIM card’s preloaded commands are readily available to the attacker. After the SIM card gets the message, the attacker uses the S@T Browser library to execute further malicious actions, such as requesting that the phone reply with the device’s IMEI number and location. It is worth noting that the SIM card operates independently of the handset itself, so messages sent this way do not even appear in a user’s messaging inbox.

AdaptiveMobile Security’s researchers have claimed that this may be the first real-life case of malware being sent via SMS. Previous SMS malware consisted of phishing attempts of sorts, linking unsuspecting victims to an attacker-controlled web server. In Simjacker’s case, the payload is actually stored within the SMS itself. ZDNet states that this theoretical attack tactic was known back in 2011, when a Romanian security researcher by the name of Bogdan Alecu first described how one could abuse these commands.

Targeted device models include phones from many top brands: Apple, Samsung, Google, etc. The threat was identified in 30 countries whose populations add up to over 1 billion people. ZDNet claims that a source informed them that the targeted countries are within the Middle East and North Africa (MENA) region, with some in Asia as well as Eastern Europe.

As for blocking this attack, researchers propose disabling S@T Browser functionality altogether; it’s an almost obsolete technology anyway, and its specification hasn’t been updated since 2009. Further, after researchers reported these issues to SIMalliance, the body which specified this application, SIMalliance proposed a few fixes as well. For instance, blocking illegitimate binary SMS messages at the network level is a start. Another option is securing the SIM card via the Minimum Security Level, which specifies the level of security to be applied to packets sent to a receiving application. You can read more about this on page 8 of this technical specification paper.
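
To make the two proposed fixes concrete, the sketch below is an added example (not code from this article, AdaptiveMobile Security or SIMalliance) of how a network-side filter could screen SIM-targeted binary SMS by origin and by the security bits of the command packet, mirroring the Minimum Security Level check that the card itself performs. The field offsets are taken from 3GPP TS 23.040 and TS 23.048, which the article does not cite; the policy, the function names, the origin labels and the sample bytes are assumptions constructed for illustration.

```python
# Added illustration, not code from the article or from SIMalliance.
# Field offsets follow 3GPP TS 23.040 / TS 23.048; the policy is an assumption.
from dataclasses import dataclass

SIM_DATA_DOWNLOAD_PID = 0x7F  # TP-PID value: (U)SIM Data Download
IEI_COMMAND_PACKET = 0x70     # UDH element announcing a secured command packet

@dataclass
class Sms:
    origin: str       # originating address as seen by the SMSC
    tp_pid: int
    tp_dcs: int
    user_data: bytes  # TP-UD, User Data Header included

def is_sim_targeted(sms: Sms) -> bool:
    """Class 2 data download: handed to the SIM, never shown in the inbox."""
    d = sms.tp_dcs
    has_class = (d & 0xF0) == 0xF0 or (d & 0xD0) == 0x10
    return sms.tp_pid == SIM_DATA_DOWNLOAD_PID and has_class and (d & 0x03) == 0x02

def parse_spi(ud: bytes):
    """Return the first SPI octet of the command packet, or None if unparsable."""
    if not ud or len(ud) < 1 + ud[0]:
        return None
    header, body, i, found = ud[1:1 + ud[0]], ud[1 + ud[0]:], 0, False
    while i + 2 <= len(header):            # walk IEI / length / data triples
        found |= header[i] == IEI_COMMAND_PACKET
        i += 2 + header[i + 1]
    # body layout: CPL(2) CHL(1) SPI(2) KIc(1) KID(1) TAR(3) ...
    return body[3] if found and len(body) >= 10 else None

def verdict(sms: Sms, trusted_origins: set) -> str:
    if not is_sim_targeted(sms):
        return "pass"
    if sms.origin not in trusted_origins:
        return "block: SIM-targeted SMS from untrusted origin"
    spi = parse_spi(sms.user_data)
    if spi is None:
        return "block: no parsable secured command packet"
    integrity, ciphered = spi & 0x03, bool(spi & 0x04)  # 2=crypto checksum, 3=signature
    if integrity < 2 or not ciphered:
        return "block: below minimum security level"
    return "pass"

def sample(origin: str, spi0: int, pid: int = 0x7F, dcs: int = 0xF6) -> Sms:
    """Constructed header-only test message; TAR AA BB CC is a placeholder."""
    ud = bytes([0x02, 0x70, 0x00, 0x00, 0x0E, 0x0D, spi0, 0x00, 0x00, 0x00,
                0xAA, 0xBB, 0xCC]) + bytes(6)
    return Sms(origin, pid, dcs, ud)
```

Ordinary text messages pass untouched; only messages addressed to the SIM are held to the origin and security-level checks.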

Filed Under: Editorial Articles Tagged With: mobile security, mobile threats, SIM Hack, SIM Heist
