Sim Jacker Project Word File

Simjacker is a vulnerability discovered by AdaptiveMobile Security that allows a threat actor to spy on mobile phones through SMS messages. The vulnerability exploits SIM cards' SAT Browser software to retrieve a phone's location and IMEI and send it to the attacker without the user's knowledge. It is a sophisticated attack that has potentially affected over a billion people globally. The same technique could also be used to execute other attacks by modifying the attack message and using SIM Toolkit commands. Cathal McDaid of AdaptiveMobile Security is an expert in mobile network security and led the research on Simjacker.

Uploaded by Smit Patel

CYBER SECURITY

Simjacker – Next Generation Spying Over Mobile

⦁ Today we are announcing the existence of the vulnerability and associated exploits that we call Simjacker. We believe this vulnerability has been exploited for at least the last 2 years by a highly sophisticated threat actor in multiple countries, primarily for the purposes of surveillance. Beyond the impact on its victims, our analysis shows that Simjacker and its associated exploits are a huge jump in complexity and sophistication compared to attacks previously seen over mobile core networks.

How it Works

⦁ At its simplest, the main Simjacker attack involves an SMS containing a specific type of spyware-like code being sent to a mobile phone, which then instructs the UICC (SIM card) within the phone to ‘take over’ the mobile phone in order to retrieve information and perform sensitive commands.

⦁ The attack begins when an SMS, which we term the Simjacker ‘Attack Message’, is sent to the targeted handset. This Simjacker Attack Message, sent from another handset, a GSM modem or an SMS-sending account connected to an A2P account, contains a series of SIM Toolkit (STK) instructions, and is specifically crafted to be passed on to the UICC/eUICC (SIM card) within the device. In order for these instructions to work, the attack exploits the presence of a particular piece of software, called the SAT Browser, that is on the UICC. Once the Simjacker Attack Message is received by the UICC, it uses the SAT Browser library as an execution environment on the UICC, from which it can trigger logic on the handset. For the main attack observed, the Simjacker code running on the UICC requests location and specific device information (the IMEI) from the handset. Once this information is retrieved, the Simjacker code running on the UICC collates it and sends the combined information to a recipient number via another SMS (we call this the ‘Data Message’), again by triggering logic on the handset. This Data Message is the method by which the location and IMEI information can be exfiltrated to a remote phone controlled by the attacker.

GIDC DEGREE ENGINEERING COLLEGE 1

⦁ During the attack, the user is completely unaware that they received the SMS carrying the Simjacker Attack Message, that information was retrieved, and that it was sent outwards in the Data Message SMS: there is no indication in any SMS inbox or outbox.


What makes this Attack work and why is it Special?

⦁ The attack relies both on these specific SMS messages being allowed through and on the SAT Browser software being present on the UICC in the targeted phone. Specific SMS messages targeting UICC cards have been demonstrated before, showing how they could be exploited for malicious purposes. The Simjacker attack takes a different approach, and greatly simplifies and expands the attack by relying on the SAT Browser software as an execution environment. The SAT (pronounced sat) Browser – or SIMalliance Toolbox Browser, to give it its full name – is an application specified by the SIMalliance, and can be installed on a variety of UICCs (SIM cards), including eSIMs. This SAT Browser software is not well known, is quite old, and its initial purpose was to enable services such as getting your account balance through the SIM card. Globally, its function has been mostly superseded by other technologies, and its specification has not been updated since 2009; however, like many legacy technologies, it is still being used while remaining in the background. In this case we have observed the SAT protocol being used by mobile operators in at least 30 countries whose cumulative population adds up to over a billion people, so a sizable number of people are potentially affected. It is also highly likely that additional countries have mobile operators that continue to use the technology on specific SIM cards.
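An operator-side check a defender can apply to the first of those two preconditions, written as an added example (not code from AdaptiveMobile or from the original document): it parses the header of an SMS-DELIVER TPDU and flags messages the handset would hand straight to the UICC unless they come from an allow-listed originator. The TP-PID value 0x7F (SIM data download) and the class-2 TP-DCS test come from 3GPP TS 23.040 / TS 31.111, not from the page; the allow-list and the three sample TPDUs are constructed for the demonstration and carry only placeholder payload bytes.

```python
SIM_DATA_DOWNLOAD_PID = 0x7F  # TP-PID "(U)SIM Data download" (3GPP TS 23.040)
SIM_MESSAGE_CLASS = 2         # TP-DCS message class 2 = "(U)SIM specific message"
# Constructed allow-list: originator numbers the operator's own OTA platform uses.
OTA_ALLOWED_ORIGINATORS = {"12345"}

def _bcd_digits(raw: bytes, ndigits: int) -> str:
    """TP-OA semi-octet digits, low nibble first, dropping the 0xF filler."""
    digits = [str(n) for b in raw for n in (b & 0x0F, b >> 4)]
    return "".join(digits[:ndigits])

def parse_sms_deliver(tpdu: bytes):
    """Return (originator, TP-PID, TP-DCS) from an SMS-DELIVER TPDU (TS 23.040 9.2.2.1)."""
    if tpdu[0] & 0x03 != 0:
        raise ValueError("not an SMS-DELIVER TPDU")
    ndigits, toa = tpdu[1], tpdu[2]
    nbytes = (ndigits + 1) // 2
    raw_oa = tpdu[3:3 + nbytes]
    # Alphanumeric originators (TON 101) are 7-bit packed; keep them as hex.
    originator = raw_oa.hex() if (toa >> 4) & 0x07 == 0x05 else _bcd_digits(raw_oa, ndigits)
    pid, dcs = tpdu[3 + nbytes], tpdu[4 + nbytes]  # TP-SCTS/TP-UDL/TP-UD follow; not needed
    return originator, pid, dcs

def message_class(dcs: int):
    """TP-DCS message class 0-3, or None when the DCS signals no class."""
    if dcs >> 6 == 0:            # general data coding group: class valid only if bit 4 set
        return dcs & 0x03 if dcs & 0x10 else None
    if dcs >> 4 == 0xF:          # "data coding/message class" group
        return dcs & 0x03
    return None

def is_sim_bound(pid: int, dcs: int) -> bool:
    """True when a handset would pass this SMS straight to the UICC (SIM data download)."""
    return pid == SIM_DATA_DOWNLOAD_PID and message_class(dcs) == SIM_MESSAGE_CLASS

def firewall_verdict(tpdu: bytes) -> str:
    originator, pid, dcs = parse_sms_deliver(tpdu)
    if not is_sim_bound(pid, dcs):
        return "allow"                 # ordinary SMS for the user
    if originator in OTA_ALLOWED_ORIGINATORS:
        return "allow-ota"             # operator's own SIM OTA traffic
    return "block-sim-download"        # SIM-bound SMS from an untrusted originator

# Constructed TPDUs: first octet, originator, PID, DCS, zeroed timestamp, 4 placeholder bytes.
OTA_FROM_OPERATOR = bytes.fromhex("04 05 81 21 43 F5 7F F6 00000000000000 04 00000000")
SIM_BOUND_UNTRUSTED = bytes.fromhex("04 05 81 99 88 F7 7F F6 00000000000000 04 00000000")
PLAIN_TEXT_SMS = bytes.fromhex("04 05 81 99 88 F7 00 00 00000000000000 04 00000000")
```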

Beyond Location

⦁ However, the novelty and potential of Simjacker does not stop there. Retrieving a person’s location is one thing, but by using the same technique, and by modifying the attack message, the attacker could instruct the UICC to execute a range of other attacks. This is because, using the same method, the attacker has access to a range of the STK command set. Some examples of these STK commands are:

⦁ PLAY TONE
⦁ SEND SHORT MESSAGE
⦁ SET UP CALL
⦁ SEND USSD
⦁ SEND SS
⦁ PROVIDE LOCAL INFORMATION
    o Location Information, IMEI, Battery, Network, Language, etc.
⦁ SEND DTMF COMMAND
⦁ LAUNCH BROWSER

Cathal McDaid

⦁ Cathal McDaid is the Chief Technology Officer at AdaptiveMobile Security. He is one of the world’s foremost experts in mobile network signaling security. As CTO, his role is to define the technology strategy and long-term technical vision, as well as to lead the team responsible for applied research in the fields of cybersecurity and mobile networks. His pivotal work in the industry has been recognized by the GSM Association, where he is a primary contributor to the GSMA’s Fraud and Security Group, including being editor and leading author of the SS7 Interconnect Security Monitoring and Firewall Guidelines (FS.11).
