
Simjacker attack exploited in the wild to track users for at least two years

September 15, 2019

Image: AdaptiveMobile Security

Security researchers have disclosed today an SMS-based attack method being abused in the real world by a surveillance vendor to track and monitor individuals.

“We are quite confident that this exploit has been developed by a specific private company that works with governments to monitor individuals,” security researchers from AdaptiveMobile Security said in a report released today.

“We believe this vulnerability has been exploited for at least the last 2 years by a highly sophisticated threat actor in multiple countries, primarily for the purposes of surveillance.”

Researchers described this attack as “a huge jump in complexity and sophistication” compared to attacks previously seen over mobile networks and “a considerable escalation in the skillset and abilities of attackers.”

How Simjacker works

Simjacker begins with an attacker using a smartphone, a GSM modem, or any A2P (application-to-person) service to send an SMS message to a victim’s phone number.

These SMS messages contain hidden SIM Toolkit (STK) instructions that are supported by a device’s S@T Browser, an application that resides on the SIM card, rather than the phone.

The S@T Browser and the STK instructions are an old technology supported on some mobile networks and their SIM cards. They can be used to trigger actions on a device, like launching browsers, playing sounds, or showing popups. In the early days of mobile networks, operators used these protocols to send users promotional offers or provide billing information.

But AdaptiveMobile said the Simjacker attacks it observed abused this mechanism to instruct a victim’s phone to hand over location data and IMEI codes, which the SIM card would later send via an SMS message to a third-party device, where an attacker would log the victim’s location.

simjacker-attack-wild.jpg

Image: AdaptiveMobile Security

To make matters worse, the Simjacker attack is completely silent. Victims don’t see any SMS messages inside their inboxes or outboxes. This allows threat actors to continuously bombard victims with SMS messages and keep track of their location as they move through the day, week, or month.

Furthermore, because Simjacker exploits a technology residing on the SIM card, the attack also works independently of the user’s device type.

“We have observed devices from nearly every manufacturer being successfully targeted to retrieve location: Apple, ZTE, Motorola, Samsung, Google, Huawei, and even IoT devices with SIM cards,” researchers said.

The only good news is that the attack doesn’t rely on regular SMS messages, but more complex binary code, delivered as an SMS, which means network operators should be able to configure their equipment to block such data traversing their networks and reaching client devices.
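As an illustration of the operator-side filtering described above, the following added example (not from the article or from AdaptiveMobile) inspects an SMS-DELIVER TPDU and blocks SIM-addressed binary messages that do not come from the operator's own OTA platform. The header markers are the standard ones from 3GPP TS 23.040, TS 23.038 and TS 31.115; the sender allow-list, the phone numbers, the TAR value and the sample TPDUs are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Verdict:
    sender: str
    sim_download: bool     # TP-PID 0x7F + class 2: handset passes the SMS to the SIM
    command_packet: bool   # UDH element 0x70: SIM Toolkit secured command packet
    tar: Optional[str]     # 3-byte target application reference, kept for logging
    action: str            # "pass" or "block"

def is_class2(dcs: int) -> bool:
    # TS 23.038: class bits count in group 1111, or in group 00xx when bit 4 is set
    has_class = (dcs & 0xF0) == 0xF0 or ((dcs & 0xC0) == 0 and (dcs & 0x10) != 0)
    return has_class and (dcs & 0x03) == 0x02

def inspect_deliver(tpdu_hex: str, ota_senders: frozenset) -> Verdict:
    b = bytes.fromhex(tpdu_hex)
    if b[0] & 0x03:
        raise ValueError("not an SMS-DELIVER TPDU")
    digits = b[1]                                  # TP-OA length, counted in digits
    oa_end = 3 + (digits + 1) // 2
    sender = "".join(f"{x & 0x0F:X}{x >> 4:X}" for x in b[3:oa_end])[:digits]
    pid, dcs = b[oa_end], b[oa_end + 1]
    ud = b[oa_end + 10:]                           # skip 7-byte timestamp and TP-UDL
    command_packet, tar = False, None
    if b[0] & 0x40 and ud:                         # TP-UDHI: user data header present
        udhl, i = min(ud[0], len(ud) - 1), 1       # clamp a lying header length
        while i + 1 <= udhl:
            iei, iedl = ud[i], ud[i + 1]
            command_packet = command_packet or iei == 0x70
            i += 2 + iedl
        body = ud[1 + udhl:]
        if command_packet and len(body) >= 10:     # CPL(2) CHL(1) SPI(2) KIc KID TAR(3)
            tar = body[7:10].hex().upper()
    sim_download = pid == 0x7F and is_class2(dcs)
    # Assumed policy: SIM-addressed binary SMS is legitimate only from the operator's OTA gateway
    suspicious = (sim_download or command_packet) and sender not in ota_senders
    return Verdict(sender, sim_download, command_packet, tar,
                   "block" if suspicious else "pass")

# Constructed TPDUs, not captured traffic; numbers and TAR A1B2C3 are placeholders.
OTA_SENDERS = frozenset({"15555550199"})           # hypothetical operator OTA gateway
SIM_PUSH = ("440B91" "5155550501F0" "7FF6" "91905121000000" "13"
            "027000" "000E0D00000000A1B2C3000000000000")   # empty secured data
TEXT_SMS = "040B91" "5155550501F0" "0000" "91905121000000" "0A" "E8329BFD4697D9EC37"
SIM_PUSH_OTA = SIM_PUSH.replace("5155550501F0", "5155550591F9")

if __name__ == "__main__":
    for name in ("SIM_PUSH", "TEXT_SMS", "SIM_PUSH_OTA"):
        print(name, inspect_deliver(globals()[name], OTA_SENDERS))
```

Logging the extracted TAR for blocked messages shows which SIM application a sender was trying to reach, which helps when reviewing what is still installed on deployed cards.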

Active Simjacker attacks detected

Because AdaptiveMobile has not shared the name of the company performing these attacks, it is unclear if this vulnerability is being used to track criminals or terrorists, or abused to track dissidents, journalists, or political opponents.

Nevertheless, AdaptiveMobile said Simjacker attacks are happening on a daily basis, in large numbers.

In most cases, phone numbers are tracked a few times a day, for long periods, rather than multiple times per day.

However, researchers said that a few phone numbers had been tracked hundreds of times over a 7-day period, suggesting they belonged to high-value targets.

simjacker-victims.png

Image: AdaptiveMobile Security

“These patterns and the number of tracking indicates it is not a mass surveillance operation, but one designed to track a large number of individuals for a variety of purposes, with targets and priorities shifting over time,” AdaptiveMobile researchers said.

Simjacker is the result of improvements to mobile networks

The mystery remains about who developed this attack, but AdaptiveMobile said the private company was an expert in the field.

“As well as producing this spyware, this same company also have extensive access to the SS7 and Diameter core network, as we have seen some of the same Simjacker victims being targeted using attacks over the SS7 network as well, with SS7 attack methods being used as a fall-back method when Simjacker attacks do not succeed,” AdaptiveMobile said.

“We believe that the Simjacker attack evolved as a direct replacement for the abilities that were lost to mobile network attackers when operators started to secure their SS7 and Diameter infrastructure,” researchers said.

However, while attacks on the SS7 and Diameter protocols involved deep knowledge of mobile networking protocols and expensive gear, the Simjacker attack is far simpler and cheaper. All it takes is a $10 GSM modem and a victim’s phone, researchers said.

Ancient protocol

The vulnerability at the heart of the Simjacker attack could have been easily prevented if mobile operators had shown some restraint in what code they put on their SIM cards.

“This S@T Browser software is not well known, is quite old, and its initial purpose was to enable services such as getting your account balance through the SIM card,” researchers said.

“Globally, its function has been mostly superseded by other technologies, and its specification has not been updated since 2009, however, like many legacy technologies it is still being used while remaining in the background.”

AdaptiveMobile said it has seen the S@T Browser technology active on the network of mobile operators in at least 30 countries around the globe. These countries, researchers said, have a cumulative population of over one billion, all of whom are exposed to this silent surveillance method. According to a source who spoke with ZDNet, the impacted countries are in the MENA (Middle East North Africa) region, and a few in Asia and Eastern Europe.

Furthermore, the S@T Browser technology supports more than the commands abused by the attackers — namely those to retrieve location data and IMEI codes, and send an SMS message.

Other S@T Browser supported commands include the ability to make calls, power off SIM cards, run AT modem commands, open browsers (with phishing links or on sites with exploit code), and more.

AdaptiveMobile warns that this technology and this attack could be useful for more than just surveillance, and other threat actors could soon abuse it as well. For example, Simjacker could also be used for misinformation campaigns (for sending SMS/MMS messages with fake content), financial fraud (dialing premium numbers), espionage (initiating a call and listening in on nearby conversations), and sabotage (by disabling a target’s SIM card), among many others.

In fact, the Simjacker attacks aren’t actually new. It’s just that a threat actor found a way to weaponize STK instructions. They’ve been known, at least at the theoretical level, since 2011, when Romanian security researcher Bogdan Alecu first described how a malicious actor could abuse STK commands to subscribe users to premium numbers [1, 2].

The AdaptiveMobile research team will be discussing and presenting more on the Simjacker attacks and their findings at the VirusBulletin 2019 security conference that is going to be held in London, in October, this year.

Updated at 1:00pm ET with info on Alecu’s 2011 research on SIM Toolkit (STK) attacks. Title updated accordingly, as this is not actually a “new” attack.

Credit: ZDNet
