Open theapache64 opened 5 years ago
What do I have?
Your repository cause we're in the same kayak on Shit River with no paddle.
I think Cellebrite is likely the "surveillance vendor" that is mentioned in these articles based on their current capabilities.
What I know:
The attacker sends an SMS with hidden instructions from the Sim App Toolkit
Phone receives SMS, S@T Browser on the SIM recognizes the commands
The attacks are completely silent. The victim never receives a message in their inbox.
The attack targets the S@T Browser, meaning it doesn't matter what kind of device the user is on
Attacks are accomplished via sending binary code
We likely won't ever see official source code, but we are surrounded by very intelligent people and someone will replicate this attack in time.
@Nic8895
> We likely won't ever see official source code, but we are surrounded by very intelligent people and someone will replicate this attack in time.
I be waitin' fer that moment!! :clock1:
Anyways, thanks fer yer update matey :skull_and_crossbones:
Hey bro, I am from know_where, so I am able to access a network tower near my home which basically provides calling, SMS services and GPRS services. What I am asking is: can we add a backdoor to it, accessing the whole area network, as they use Windows Server edition? Pls reply, I'll have my eyes on this thread.
Hello, got this from Positive Technologies:
Dear Bastien Baranoff,
Good news for Friday the 13th! We've decided to drop a webinar on mitigating the recently uncovered Simjacker vulnerability next Thursday, September 19.
The Positive Technologies team has years of sustained experience with analyzing vulnerabilities of all kinds. Back in 2014, our experts published the report "4G Security: Hacking USB Modem and SIM Card via SMS," in which they stressed the possibility of precisely such attacks and how a hacker could perform them. Even better, our product has already been tested and proven to secure systems from the latest "Simjacker" attacks.
During the webinar, our experts will role-play the attack process, show the must-know details and specifics, and give recommendations on how to prevent your network from being hacked by Simjacker.
@Aadesh9985 What do you mean by "able to access a network tower" ? What kind of access do you have ? remote, physical or both ?
@bbaranoff That's some great news. I'd really love to watch the event. Do they have any plan on live streaming the event ?
> Hello, got this from Positive Technologies:
> Dear Bastien Baranoff,
> Good news for Friday the 13th! We've decided to drop a webinar on mitigating the recently uncovered Simjacker vulnerability next Thursday, September 19.
> The Positive Technologies team has years of sustained experience with analyzing vulnerabilities of all kinds. Back in 2014, our experts published the report "4G Security: Hacking USB Modem and SIM Card via SMS," in which they stressed the possibility of precisely such attacks and how a hacker could perform them. Even better, our product has already been tested and proven to secure systems from the latest "Simjacker" attacks.
> During the webinar, our experts will role-play the attack process, show the must-know details and specifics, and give recommendations on how to prevent your network from being hacked by Simjacker.

I'm curious as to how they're going to go about mitigating threats to S@T w/o reissuing SIM cards or forcing carriers to block S@T commands OTA, which ain't gonna happen because S@T is used in part of the process of updating Android devices OTA.
@theapache64 I was invited by mail. I have a token but it is personal; maybe by subscribing to Positive Technologies you will have one.
@bbaranoff I searched for the event here, but they haven't officially listed it there. I've contacted them via Twitter and am currently waiting for their reply. I'll definitely update their response here.
@theapache64 maybe try that contact@positive-tech.com
@Aadesh9985 You mean that you have made an IMSI catcher? You want to know if you can access a shell with it? I am asking the same...
I don't know if there are personal cookies here, but I shared for the love of information. You can subscribe to the webinar here: https://hs-6022457.t.hubspotstarter-ij.net/e2t/c/*W5GtnHw3r9Mm1W8XbcgY991Qtx0/*W7wkqw764pWq0W8WPsJP22TKDT0/5/f18dQhb0Sq5w8YHrCHN8t4ZczHyjJqW8qC89C3LyBpnW3hHhbQ5zh-NRVnQ9Qq8-LqRQW4dPXKZ8--v1pW1Txv798Ywj4mW1VJSg2567DzRVsgYCn56Bsf7W2Rxf3B78Kc8kW12Q-yq2f-ZBxW5pfQN35mZ9RMW7qjTB97qp6PBW4bH_qw2N33B5W3_t0gL32Gf2QW4dy5FS1kXfytW1SdKWJ1m2kWgW8Xl1bl8W1M0pW4srmsj6gXBFnN67h1zcQC5z2VPC2cV7flNcHW3Lt9Y23PHktfN6SfbsHgBSSdW964sC736p5J1W6T0lCR994443W94wcjZ8q-t2KN39SYcH7YFBYW1rGnpT2CTTHvW25MxWJ4VT6xnW4pPWTW1kl7Z6W5C3gbQ4XzrhpW4Vmy433MNlQ7VgMCQG4rHfJ6W1rLXSD3l09HBVbV_H35v-xbHW5HFsGK8dZNd1W4Pw1Vk2sbPxnVqV10K3CdJqgW3VV9cn2-BbBHW3jNnjl7jTn9GW96L2lj31GHfxW124NqL1Hdx05W4H7Wmx4MqSD_W2j7NY64HxPjzW519knw85v0x3W723QBb71wShbTfK5B7X1nzn103
@bbaranoff Thank you so much for the link. I appreciate that.
@bbaranoff Can I post the link in our reddit thread ?
@theapache64 yes you can post it to reddit
Has anyone got new information about Simjacker? I'm so scared to see the binary code on the internet... is it possible?
@theapache64 I have physical access to it and the person who is in charge is my friend, so he will let me in without doubt. My questions are: 1) Can we create a backdoor to Windows Server? 2) What can we do after getting access to the network tower? Contact me at infinitytechz8@gmail.com
@Valen3D Everyone's waiting for the binary, or at least a POC.
@Aadesh9985 Off-topic + I don't have any knowledge of the cell tower software stack. Maybe you can get help from r/CellTowers. Also, please let me know personally once you get any information on this (seriously curious :rocket: )
I have a question. How can this be used? Just send the binary message? How can the information come (location, for example) by SMS?
Think the attack is based on those previous works:
https://hackinparis.com/data/slides/2015/timur_yusinov_root_via_sms.pdf
https://media.blackhat.com/us-13/us-13-Nohl-Rooting-SIM-cards-Slides.pdf
https://www.youtube.com/watch?v=31D94QOo2gY
https://www.youtube.com/watch?v=A5l8YCCYxrc
https://opensource.srlabs.de/projects/simtester
https://osmocom.org/projects/baseband/wiki/SoftSIM
As it is said, quote: "Disclosed by researchers at AdaptiveMobile Security in new research published today, the vulnerability can be exploited using a $10 GSM modem to perform several tasks, listed below, on a targeted device just by sending an SMS containing a specific type of spyware-like code." Unquote. I am quite sure that the $10 GSM modem is an Osmocom-compatible phone, aka the Motorola C1xx series. See here if you want to buy one: https://osmocom.org/projects/baseband/wiki/Phones
@theapache64 You are my source on this topic; well, I am looking for other things too. I'll inform as soon as I get something valuable.
Anyone?
made a video of SIMTester https://youtu.be/CTDiT6L46k8
> which ain't gonna happen because S@T is used in part of the process of updating Android devices OTA.

Would be easy for the carrier to block S@T for everyone else except authorized (whitelisted) numbers/SMS-centers which belong to mobile manufacturers and carriers, who need to OTA update things.
Hi guys. I'm from Russia. I've just joined you and have found a lot of interesting info. Well, I'm working on the topic of hacking the Telegram messenger by taking control of the SIM. Three days ago I found out some info about the sim-jacker attack. So tonight I'll analyse your posts here))0) Waiting for news, guys!
Guys, I'm gonna find some info about people who were under attack. Maybe we can ask for details of the USSD (sim-jacker) codes that went onto their SIM. If you find some info about that, please ping me ;]
Made a video about loading an STK applet on sim with ShadySim https://youtu.be/F55eJr40CoQ
@bbaranoff Good work brother
Got this from Positive Technologies:
me: "Thank you... As I think I have understood, you test the vulnerability with a tool like SIMTester, Nohl's app, then you send a binary SMS with osmocombb based on work like shadysim specific to S@T, am I wrong?"
them: "Not exactly, join our webinar and have our experts explain it step by step"
I get close...
https://github.com/Shadytel/sim-tools/tree/master/shadysim/pySim @bbaranoff Bro, I saw your video, not bad I think. Well, I was interested in what that shady sim tech was. So, I've found that. (Check link) I think it'll be interesting, guys. (Please ping me to explain if it's about our theme)
> Got this from Positive Technologies: me: "Thank you... As I think, as far as I understood, you test the vulnerability with a tool such as the SIMTester Nohl app, and then send a binary SMS with osmocombb based on work like shadysim, specific to S@T. Am I wrong?" them: "Not quite, join our webinar and ask our experts to explain it step by step", I'm getting closer...

@bbaranoff Wow, bro, waiting for your news!
Shadysim is a tool that lets you load an STK applet via a card programmer. I think you have to do this over the air by sending binary code to the SIM via SMS with an osmocombb phone, but the code you have to send is close to what shadysim does. I think that SIMTester lets you find the way to send the code to the SIM. I think it is something close to that.
Hey, guys, what's new?
Well. While you're looking for new info, I've found an interesting .apk file. This program sends invisible messages to the phone number you write. Anyway, it's possible to recode this program to send other codes, lul. Here it is. (Fuck, I can't attach it) sec. Ahhhah, lul, "we don't support this type". Well, you can ask me for this .apk in Telegram or Gmail.
But, u know, there's a "SMS ping" in google play.
@Tit-7 I've created similar program long time ago. It'll sync all incoming messages to the given email id. The app can be invisible from app list. You can get the APK from here
The demo is live right now :astonished: https://thehackernews.com/2019/09/dynamic-sim-toolkit-vulnerability.html
Thanks @spawn111
Is there any news?)
Any updates?
Hello world, I have something that may be interesting: https://research.checkpoint.com/advanced-sms-phishing-attacks-against-modern-android-based-smartphones/
Here's a hint: Push, Deck, Card, STK Command, Exit. Details are in the Simalliance specifications. It's a pity that the SIM cards used in CIS countries generally don't have S@T, so all of this is useless.
@3dfxuser Is it just CIS or any other countries too?
@ashar-7 It is difficult to say, I do not have enough information.
Website: https://simjacker.com :globe_with_meridians:
News: https://thehackernews.com/2019/09/simjacker-mobile-hacking.html :newspaper:
Reddit: https://www.reddit.com/r/simjacking
What do you have ?