Jump to content
Login new information ×
Login new information

SIM-based attack has been used to spy on people for two years

steven36

By steven36
in Security & Privacy News

Recommended Posts

steven36

steven36

Posted
Posted

Simjacker theoretically affects most phones.

 

1568553927521858226762754005.jpg

 

In a few cases,your SIM card may pose more of a security risk than your phone's software. AdaptiveMobile Security researchers say they've discovered a new vulnerability, nicknamed Simjacker, that's being used to surveil people's devices by an unnamed surveillance company. The technique sends SMS messages containing instructions for an old S@T Browser app supported on some carriers' SIM cards. Where S@T was originally intended to launch browsers, play sounds or otherwise trigger common actions on phones, Simjacker uses it to obtain location info and IMEI numbers that are later sent to an "accomplice device" (again using SMS) that records the data.

 

Crucially, the approach is silent. While it does use SMS, you won't get notifications. An intruder can obtain frequent updates without giving away their activity. The exploit is also device-agnostic, and has been used against iPhones, numerous brands of Android phones and some SIM-equipped Internet of Things devices.

 

And it's not just a theoretical exercise. The surveillance company has reportedly been using Simjacker in 30-plus countries (mainly in the Middle East, North Africa, Asia and eastern Europe) for a minimum of two years. While most targets were 'only' checked a few times per day over long stretches of time, a handful of people were targeted hundreds of times over the space of a week -- 250 in the case of the most prominent target. It's not believed to be a mass surveillance campaign, but AdaptiveMobile also hasn't said whether this was being used for tracking criminals or more nefarious purposes, like spying on political dissidents. The company is mounting a "highly sophisticated" operation, AdaptiveMobile said.

 

It should be possible for networks to thwart these attacks. Simjacker is sending code rather than everyday text, so it should be feasible to block the code. It may be difficult to coordinate that response, though, when the affected countries have a total population of a billion. And while you're not likely to be targeted by this particular organization, there's nothing precluding a similarly capable attacker from launching a wider campaign. It may be a long while before you can assume your SIM isn't a potential weakness.

 

Source

Link to comment
Share on other sites
  • Replies 4
  • Views 937
  • Created
  • Last Reply
nsan3

nsan3

Posted
Posted

Any info on what carriers this has been used? This is worrying for the most part, but wont Avast/Norton/MalwareBytes/ESET pick this up on the mobile device?

Link to comment
Share on other sites
zanderthunder

zanderthunder

Posted
Posted
7 hours ago, nsan3 said:

Any info on what carriers this has been used? This is worrying for the most part, but wont Avast/Norton/MalwareBytes/ESET pick this up on the mobile device?

 Also, wondering how iOS and Android failed to address this issue after two years.

Link to comment
Share on other sites
steven36

steven36

Posted
  • Author
Posted
10 hours ago, nsan3 said:

Any info on what carriers this has been used? This is worrying for the most part, but wont Avast/Norton/MalwareBytes/ESET pick this up on the mobile device?

They not allowed to give out that info because it's not patched yet .

 

Quote

A SIM or eSIM, since it performs management functionality. Basically, the only thing you can do is wait for carriers and Android to patch it, since even the GSM Association and SIM Alliance have to work on a resolution.

https://old.reddit.com/r/GooglePixel/comments/d3rwpu/do_the_pixel_234_esims_use_the_st_browser/f04w58w/

 

Quote

For mobile operators, this also means that relying on existing recommendations will not be sufficient to protect themselves, as attackers like these will always evolve to try to evade what is put in place. Instead mobile operators will need to constantly investigate suspicious and malicious activity to discover ‘hidden’ attacks. We can and should expect other vulnerabilities and attacks that also evade existing defences to be discovered and abused. As the attackers have expanded their abilities beyond simply exploiting unsecured networks, to now cover a very complex mix of protocols, execution environments and technologies to launch attacks with, Operators will also need to increase their own abilities and investment in detecting and blocking these attacks.

 

Quote

We are only scratching the surface of Simjacker in this article. In our presentation at Virus Bulletin Conference, London, on the 3rd of October 2019 we will give more details on the format of the attacks, what the attackers do to attempt to evade detection and how they operate their system, along with a flavour of what has been their reaction since their attacks have been detected and blocked. We will also give our view on what we believe these attacks will evolve into next. We expect a reaction from this news being made public and we will present on what (if any) the public revelations have on their malicious activity.

https://www.adaptivemobile.com/blog/simjacker-next-generation-spying-over-mobile

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...