AdaptiveMobile Security Simjacker Technical Paper 01
Figure 11: Attacker’s Method of Location Tracking via Source
Download 3.33 Mb. View original pdf
|
SIM-Swapping
- Navigate this page:
- Avoidance techniques 5.1.1 Alternative Input Routes
- A2P Sources
| Figure 11: Attacker’s Method of Location Tracking via Source The use of SS attacks, in a tight coordination with Simjacker activity, strongly indicates that the attacker has access to the SS network from global sources. It allows us to use the intelligence that we have built up over many uses in filtering attack over the Mobile Operators core networks. Namely, we have built up tools like our SIGIL 2 platform that profiles and record the methods, techniques and patterns that various hostile actors exploiting the SS network use. By using these tools, we are then able to begin to attribute the Simjacker attacks to specific hostile actor. More details of these attribution are in Section 6. 2 https://www.adaptivemobile.com/products/sigil-signalling-intelligence-layer 20 Simjacker Technical Report ©2019 AdaptiveMobile Security 5 Attack Format and Evolution We have observed the Attacker Entity use multiple different methods to avoid detection over the entire period that we have been aware of it. Below is a sample of some of these techniques. The extensive range of these techniques illustrates how complex the attackers are and their range of abilities. 5.1 Avoidance techniques 5.1.1 Alternative Input Routes The primary method for injection of the Simjacker Location attacks is via Handset, that is messages were submitted to the mobile network via SMS-SUBMIT/MO-FSM packets. However different methods are possible and were occasionally observed in the wild, as follows • A2P Sources We detected SMS Simjacker Attacks being sent via VASP Shortcodes, which directly submitted these messages to the targeted Operators SMSC. This was done in order to avoid filtering setups which may assume that messages from VASP sources are safe/trusted. • SS7 Sources We detected SMS Simjacker Attacks being sent from external SS SCCP Global Titles worldwide, being sent to the targeted subscribers currently serving MSC/VLR. This was done in order to exploit any unfiltered ingress points into the operator mobile’s network. 5.1.2 Download 3.33 Mb. Share with your friends:
|