Title updated accordingly, as this is not actually a "new" attack. Updated at 1:00pm ET with info on Alecu's 2011 research on SIM Toolkit (STK) attacks. The AdaptiveMobile research team will be discussing and presenting more on the Simjacker attacks and their findings at the VirusBulletin 2019 security conference that is going to be held in London, in October, this year. They've been known, at least at the theoretical level, since 2011, when Romanian security researcher Bogdan Alecu first described how a malicious actor could abuse STK commands to subscribe users to premium numbers. It's just that a threat actor found a way to weaponize STK instructions. In fact, the Simjacker attacks aren't actually new. For example, Simjacker could also be used for misinformation campaigns (for sending SMS/MMS messages with fake content), financial fraud (dialing premium numbers), espionage (initiating call and listening on nearby conversations), and sabotage (by disabling a target's SIM card), among many others. Other Browser supported commands include the ability to make calls, power off SIM cards, run AT modem commands, open browsers (with phishing links or on sites with exploit code), and more.ĪdaptiveMobile warns that this technology and this attack could be useful for more than just surveillance, and other threat actors could soon abuse it as well. Note that some versions of iOS are based on the same bootloader version. According to a source who spoke with ZDNet, the impacted countries are in the MENA (Middle East North Africa) region, and a few in Asia and Eastern Europe.įurthermore, the Browser technology supports more than the commands abused by the attackers - namely those to retrieve location data and IMEI codes, and send an SMS message. How can one determine the version of iOS based on the bootloader version While Elcomsoft iOS Forensic Toolkit 6.71 and newer will display the corresponding version automatically, you can also use the table available in iBoot (Bootloader) The iPhone Wiki. These countries, researchers said, have a cumulative population of over one billion, all of whom are exposed to this silent surveillance method. "Globally, its function has been mostly superseded by other technologies, and its specification has not been updated since 2009, however, like many legacy technologies it is still been used while remaining in the background."ĪdaptiveMobile said it has seen the Browser technology active on the network of mobile operators in at least 30 countries around the globe. "This Browser software is not well known, is quite old, and its initial purpose was to enable services such as getting your account balance through the SIM card," researchers said. The vulnerability at the heart of the Simjacker attack should have been easily prevented if mobile operators would have shown some restraint into what code they put on their SIM cards.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |