AdaptiveMobile Security Simjacker Technical Paper 01
Countries/Operators Potentially Affected
Download 3.33 Mb. View original pdf
|
SIM-Swapping
- Navigate this page:
- 29 countries
| Countries/Operators Potentially Affected The main focus on determining the reach of the vulnerability was what number of SIM Cards have the ST Browser deployed on them. During the GSMA CVD process a list of affected countries or number of affected SIMs was difficult to obtain, other than it was understood that it would be a minority of SIMs globally due to the fact that the ST Browser technology was not prevalent worldwide. In the absence of specific numbers, the following is the method we took to understand what countries were potentially impacted / number of affected devices, as well as the limitations in this model. Also, this is not an estimation of the risk of these SIM Cards being successfully exploited, it is just the vulnerability. If Mobile Operators put in place rigorous and comprehensive defences which are monitored continuously over their network to stop these attacks, then even though vulnerable SIM Cards maybe present, the risk is greatly reduced. However, as we have shown, the Simjacker Attackers have employed multiple evasive techniques, which would be beyond what the typical Mobile Operator would have planned for. Therefore, it is prudent to profile the scale of the vulnerable SIM Cards on their own. During our investigation into these attacks, we analysed whether Simjacker type messages were sent to inbound roamers over the SS network over the last 3 months. As a side-effect, we could then use this as a proxy of determining what countries use the ST Browser technology in a vulnerable manner. Specifically, this allowed us to see if • ST Browser Push Types messages. • with a Command Header indicating that no security was applied • was sent from a Mobile Operator in a foreign country • to outbound roamers over the SS network If all 4 conditions were met this gave us a metric that a) ST Browser infrastructure, run by an Operator, was being actively used to send messages of this type to subscribers from that country and b) that the no security level was being applied, so in theory the SIM Cards used by those subscribers were vulnerable. We also further excluded a number of source countries if they were • sending Simjacker attacks, • sending very low volumes of ST Browser traffic, or • if they were sending some legitimate ST Browser messaging fora different mobile operator. Based on the numbering plans of the source and destination of the remaining analysed activity we were able to detect that at least 29 countries actively used this technology. 28 Simjacker Technical Report ©2019 AdaptiveMobile Security The below map shows those countries distribution. Download 3.33 Mb. Share with your friends:
|