Security Privacy Technology

New Simjacker Attack Exploited In the Wild To Track Users For At Least Two Years (zdnet.com)

Security researchers have disclosed today a major SMS-based attack method being abused in the real world by a surveillance vendor to track and monitor individuals. An anonymous reader shares a report: "We are quite confident that this exploit has been developed by a specific private company that works with governments to monitor individuals," security researchers from AdaptiveMobile Security said in a report. "We believe this vulnerability has been exploited for at least the last 2 years by a highly sophisticated threat actor in multiple countries, primarily for the purposes of surveillance."

The attack, named Simjacker, works by attackers sending SMS messages to victims' phones. The SMS messages contain STK instructions that are run by a victim's SIM card to gather location data and the IMEI code, which is then sent through an SMS message to a logging system. Researchers said they've seen Simjacker being abused to track hundreds of victims for two years, yet it is unclear if the victims are criminals tracked by law enforcement, or dissidents tracked by oppressive regimes. Over one billion smartphone users use SIM cards deemed vulnerable to this attack.

  • by Chromal ( 56550 ) on Thursday September 12, 2019 @12:23PM (#59186416)
    If you know which firm of exploitative sociopathic bastards are responsible, why are you disclosing the name, location, and principal figures responsible for this atrocity against privacy made in support of authoritarianism invasion of violation of Constitutional protections? Nondisclosure is a collaboration with an attack upon liberal democracy. If the world knew which company, individual, and nation-state actors were involved, perhaps it could be impressed upon them that it's advisable they should retire and seek an honest decent non-predatory line of work.
    • by Ungrounded Lightning ( 62228 ) on Thursday September 12, 2019 @01:06PM (#59186754) Journal

      If you know which firm of exploitative sociopathic bastards are responsible, why are you [not] disclosing the name, location, and principal figures responsible for this atrocity against privacy made in support of authoritarianism invasion of violation of Constitutional protections?

      Probably because they are "quite confident" they know who did it, but don't have enough evidence to defend themselves from a defamation suit by a deep-pockets security vendor in a battle for its life, backed by multiple state-level operations - nor any interest in spending their time and money fighting one, rather than hunting for more threats.

      By disclosing the attack information they are raising a volunteer army to spike the operation and/or bring the suit.

      Nondisclosure is a collaboration ...

      One of the big differences between US law and British common law is that the US generally does not have "Misprision of Felony" style laws applying to ordinary citizens (rather than, say, government officers as part of their jobs, who might be charged with {mis,mal}feasance in public office). Witnesses to a crime are generally NOT required to be heroes by reporting any felony they observe, risking their lives against retaliation by murderous individuals, gangs, and other conspirators to do the government's work in bringing their competition to heel.

      You get to choose whether you want to be a hero or a background figure.

      (The offence has also been abolished in most of the British Commonwealth countries, though in some of them has been replaced by a similar statute.)

      • a hero or a background figure

        Okay, this is too much. I know that the word "hero" has degraded to the point where we're calling every soldier, police officer, life guard, and emergency worker a hero, for doing no more than the bare minimum of what their job requires, but there is no binary here. This is not a choice between being a heroic figure and a person of pure self-interest.

        Reporting a crime is not generally an act of heroism, it's an act of minimal civic duty. Yes there is the rare circumstance where a witness is threatened, a

    • In the scenario, there is an 'attacker' and an 'accomplice'. Note that both could be your cellco. Note that neither has to be a cellco as long as you understand that SS7 is not secure. The attack only requires your cellco number. This is a SIM backdoor, exploitable by anyone that has the SS7 access.
  • ntr

  • Mystery solved. Now do something about it.

  • This seems to be a bit of a tease, like who is doing this for whom and of course, Which SIM Cards are Vulnerable?

    • by Anonymous Coward
      Most spyware vendors are based in Israel and the article lists Middle East countries as having vulnerable telcos. Connect the dots.
  • You've just handed a tracking tool to all the evil companies like Google that may actually have been unaware of it before now.
  • by tombeard ( 126886 ) on Thursday September 12, 2019 @04:22PM (#59188046)

    I have always thought that SMS must contain operating instructions for phones, but I have never found any information about it. This "STK instruction" set is a clue that I can't follow. Any hints?

    • Your SIM is a processor. https://thehackernews.com/2019... [thehackernews.com] This flawed insecure design has been around a decade. I'll bet that this will make rooting easier.
    • by Pat__ ( 26992 )

      Here is the spec:
      https://portal.3gpp.org/deskto... [3gpp.org]

      Section 9 Call control and MO SMS control by SIM

      Btw if I understand things correctly it is not a new exploit... the spec explicitly allows for this...
      The problem is that the spec allows different levels of security. From only accepting cryptographically signed messages ... to accepting any message.
      Apparently some operators out of laziness accept unsigned messages on their SIM cards.

      Here is a report about one operator in my home country admitting they were ta
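
The comment above says the spec lets a SIM application accept anything from cryptographically signed messages down to any message at all. As an added example (not part of the thread or the spec text), this is how a network-side filter could read the security level a binary SMS declares and flag the unsigned ones; it assumes the SMS-PP command packet layout of ETSI TS 102 225 / 3GPP TS 31.115, and every sample value is constructed.

```python
# Added example: classify the security level declared in an OTA SMS command packet.
# Layout assumed from ETSI TS 102 225 / 3GPP TS 31.115 (SMS-PP):
#   UDH (IEI 0x70) | CPL(2) | CHL(1) | SPI(2) KIc(1) KID(1) TAR(3) CNTR(5) PCNTR(1) | RC/CC/DS | data
from dataclasses import dataclass

INTEGRITY = ("none", "redundancy check", "cryptographic checksum", "digital signature")
COUNTER = ("no counter", "counter present, unchecked", "must be higher", "must be one higher")

@dataclass
class OtaHeader:
    integrity: str
    ciphered: bool
    counter: str
    tar: str

def parse_command_packet(user_data: bytes) -> OtaHeader:
    """Parse TP-User-Data (UDH included) of a binary SMS carrying a command packet."""
    if not user_data or len(user_data) < 1 + user_data[0]:
        raise ValueError("truncated user data header")
    udh, body = user_data[1:1 + user_data[0]], user_data[1 + user_data[0]:]
    i, has_cpi = 0, False
    while i + 2 <= len(udh):              # walk the information elements
        has_cpi |= udh[i] == 0x70         # 0x70 = command packet identifier
        i += 2 + udh[i + 1]
    if not has_cpi:
        raise ValueError("not a secured command packet")
    if len(body) < 3 or body[2] < 13 or len(body) < 3 + body[2]:
        raise ValueError("truncated command header")
    header = body[3:3 + body[2]]          # CHL counts SPI .. end of RC/CC/DS
    spi1 = header[0]                      # first SPI octet: integrity, ciphering, counter
    return OtaHeader(INTEGRITY[spi1 & 0x03], bool(spi1 & 0x04),
                     COUNTER[(spi1 >> 3) & 0x03], header[4:7].hex())

def is_unauthenticated(h: OtaHeader) -> bool:
    """True when the packet declares no cryptographic integrity protection."""
    return h.integrity in ("none", "redundancy check")   # an RC is not keyed

# Constructed samples (key ids, TARs, counters and payloads are made up).
UNSIGNED = bytes.fromhex("027000" "0012" "0D" "0000" "00" "00" "000000"
                         "0000000000" "00" "AABBCCDD")
SIGNED = bytes.fromhex("027000" "001E" "15" "1600" "15" "15" "123456"
                       "0000000001" "00" + "11" * 8 + "22" * 8)

if __name__ == "__main__":
    for name, pdu in (("UNSIGNED", UNSIGNED), ("SIGNED", SIGNED)):
        h = parse_command_packet(pdu)
        print(name, h, "FLAG" if is_unauthenticated(h) else "ok")
```

The check only reads what the sender declared; whether a card actually rejects a packet below its configured minimum security level is decided on the SIM.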

  • And we still have to face these Windows 95 like "The SMS messages contain STK instructions that are run by a victim's SIM card" threats?
  • or dissidents tracked by oppressive regimes. Over one billion smartphone users use SIM cards deemed vulnerable to this attack.

    Which country has a billion people, an oppressive regime and is worried about dissidents?
    *cough* China. Or is it just a deflection because everyone knows 5 eyes nations do this type of thing routinely.
