23
Simjacker
Technical Report ©2019
AdaptiveMobile Security 5.2
Additional Functionality Attempted by Attacker The primary use of the Simjacker exploit by the Attackers is for Location and IMEI information retrieval, though we have observed the following Commands being executed by the Attackers. We believe that these commands were being run as a form of testing of defences and what is possible in various Mobile Operators and devices.
We observed • Retrieval of Different information, including o ICCID, (radio) Access Technology,
• SS &
USSD Command Execution, including o Get IMEI as stored in the network, Change PIN Code, Check Balance
•
Set Up Call • Send DTMF Tones
• Open Browser
• Run AT Command As well as that, other functionality was observed which is being investigated. The Run AT Command in particular is interesting.
While previous research3
has shown that AT commands are quite dangerous, it must be cautioned that it is highly unlikely the attackers succeeded using this, fora few reasons. One of these is that AT-Command via STK requires specific settings both on the SIM Card and on the Handset Terminal Profile. An inspection of Terminal Profiles in open source databases
4
reveals very few devices that have this setting. Also, the ST Browser does not formally support the Proactive Run AT Command.
3
https://atcommands.org/
4
https://terminal-profile.osmocom.org/
24
Simjacker Technical Report
©2019 AdaptiveMobile Security
6 Attribution & Evaluation
6.1
Share with your friends: