AdaptiveMobile Security Simjacker Technical Paper 01
Download 3.33 Mb. View original pdf
|
SIM-Swapping
- Navigate this page:
- 522 million SIM Cards
- The most probable, conservative estimate is that mid to high hundreds of
| connections. This number is higher that the population of the ST Browser-using countries due to IoT devices, dual SIM phones etc. • Some operators may have the ST Browser on their (older) SIM cards but no longer send/receive ST Browser activity (messages from these SIM cards. This would be because they have disabled the ST Browser infrastructure on the network side, but the technology is still resident on their SIM cards, making them still potentially vulnerable. Also, there are public references to RFPs 7 being run in the past by Mobile Operators to acquire SIM card which have the ST Browser technology on them. During this process we have been informed by operators in additional countries who state they have this technology. But as we did not directly observe ST Browser messaging at a no security Level being sent from these countries, we did not include them on the list. As well, as our own datapoints, there is the recent additional information in the testing that SRLabs 8 did on 800 SIM Card measurements. In this, they reported that A subset of 5.6% are vulnerable to Simjacker, because their protection level was set to zero. Given there are 9.320 billion mobile connections active 9 this would give a figure of 522 million SIM Cards containing the ST Browser. However, this value must also be regarded as approximate, as this is based on the origin of the individual SIM card measurements taken overtime and does not cover 10 every country in the world. Taking all this information together, our best estimates of number of SIM cards with this technology must be in a range, with estimates from a few hundred million to over a billion SIM cards. The most probable, conservative estimate is that mid to high hundreds of 6 https://www.gsmaintelligence.com/ 7 https://www.telkom.co.za/about_us/procurement/downloads/StaticContent/RFP_0322_2011.pdf 8 https://srlabs.de/bites/sim_attacks_demystified/ 9 https://www.gsmaintelligence.com/ 10 https://www.vice.com/en_us/article/qvgzqw/researchers-think-they-know-how-many-phones-are-vulnerable-to-simjacker- attacks 30 Simjacker Technical Report ©2019 AdaptiveMobile Security Download 3.33 Mb. Share with your friends:
|