31
Simjacker Technical Report
©2019 AdaptiveMobile Security Some of these require information to be displayed to the user, whereas others do not. But as per the ST and USIM standards, and by using these commands, a variety of other attacks seem possible.
While not exhaustive, a number of proposed scenarios using these commands are covered briefly below
• Fraud Applications
• Advanced Location Tracking
• Assistance in Malware Deployment
•
Denial of Service • Information Retrieval
• Misinformation Note In our initial blog, we showed a larger list of Proactive STK Commands, which we believed were accessible from the ST Browser. This was due partially to observing the attackers using these additional proactive commands. From subsequent followup testing and standards review, we do not believe that these commands are possible in (normal versions)
of the ST Browser, and the blog was subsequently changed.
7.2.1
Share with your friends: