AdaptiveMobile Security Simjacker Technical Paper 01



Download 3.33 Mb.
View original pdf
Page20/29
Date20.12.2023
Size3.33 Mb.
#62999
1   ...   16   17   18   19   20   21   22   23   ...   29
SimJacker
SIM-Swapping
connections. This number is higher that the population of the ST Browser-using countries due to IoT devices, dual SIM phones etc.
• Some operators may have the ST Browser on their (older) SIM cards but no longer send/receive ST Browser activity (messages from these SIM cards. This would be because they have disabled the ST Browser infrastructure on the network side, but the technology is still resident on their SIM cards, making them still potentially vulnerable. Also, there are public references to RFPs
7
being run in the past by Mobile Operators to acquire SIM card which have the ST Browser technology on them. During this process we have been informed by operators in additional countries who state they have this technology. But as we did not directly observe ST Browser messaging at a no security Level being sent from these countries, we did not include them on the list. As well, as our own datapoints, there is the recent additional information in the testing that
SRLabs
8
did on 800 SIM Card measurements. In this, they reported that A subset of 5.6% are
vulnerable to Simjacker, because their protection level was set to zero. Given there are 9.320 billion mobile connections active
9
this would give a figure of
522 million SIM Cards
containing the ST Browser. However, this value must also be regarded as approximate, as this is based on the origin of the individual SIM card measurements taken overtime and does not cover
10
every country in the world. Taking all this information together, our best estimates of number of SIM cards with this technology must be in a range, with estimates from a few hundred million to over a billion SIM cards. The most probable, conservative estimate is that mid to high hundreds of
6
https://www.gsmaintelligence.com/
7
https://www.telkom.co.za/about_us/procurement/downloads/StaticContent/RFP_0322_2011.pdf
8
https://srlabs.de/bites/sim_attacks_demystified/
9
https://www.gsmaintelligence.com/
10
https://www.vice.com/en_us/article/qvgzqw/researchers-think-they-know-how-many-phones-are-vulnerable-to-simjacker- attacks


30
Simjacker Technical Report
©2019 AdaptiveMobile Security

Download 3.33 Mb.

Share with your friends:
1   ...   16   17   18   19   20   21   22   23   ...   29




The database is protected by copyright ©ininet.org 2024
send message

    Main page