There are three (3) new and previously undetected critical vulnerabilities in Nigerian SIM cards and the related GSM network that could allow remote attackers to compromise targeted mobile phones and spy on victims:
The “SimJacker” vulnerability
The SIM vulnerability resides in a particular piece of software, called the S@T Browser (a dynamic SIM toolkit), embedded on most SIM cards that are widely being used by mobile operators in at least 30 countries, including Nigeria, and can be exploited regardless of the type of handsets victims are using. The S@T Browser, short for SIMalliance Toolbox Browser, is an application that comes installed on a variety of SIM cards, including eSIM, as part of SIM Tool Kit (STK), and has been designed to let mobile carriers provide some basic services, subscriptions, and value-added services over-the-air to their customers. Since S@T Browser contains a series of STK instructions—such as send short message, setup call, launch browser, provide local data, run at command, and send data—that can be triggered just by sending an SMS to a device, the software offers an execution environment to run malicious commands on mobile phones as well.
By exploiting this vulnerability, an attacker can perform several tasks on a targeted device just by sending an SMS containing a specific type of spyware-like code:
All manufacturers and mobile phone models are vulnerable to this attack as the vulnerability exploits a legacy technology embedded on SIM cards. During the attack, the user is completely unaware that he was targeted, that information was retrieved from his SIM card, and that it was successfully infiltrated.
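Because the attack described above travels as an ordinary SMS whose transport headers mark it for delivery to the SIM rather than to the user, the practical operator-side control is to classify inbound messages by those headers and only let SIM-bound data through from the operator's own OTA platform. The following is an added example, not code from the article: it parses the SMS-DELIVER PDU fields defined in 3GPP TS 23.040 (TP-PID 0x7F "(U)SIM data download", and the class-2 message class in TP-DCS) and flags SIM-bound messages from any other sender. The allow-list, the sample PDUs and their originating numbers are constructed for this example.

```python
"""Classify inbound SMS-DELIVER PDUs so that SIM-bound ("data download")
messages from senders other than the operator's own OTA platform can be
flagged before they reach the SIM toolkit.  Field layout per 3GPP TS 23.040;
allow-list and sample PDUs are constructed for this example."""
from dataclasses import dataclass
from typing import Optional

# Hypothetical originating address of the operator's OTA platform (constructed).
OTA_ALLOWLIST = {"2348000000001"}
PID_SIM_DATA_DOWNLOAD = 0x7F   # TP-PID "(U)SIM data download" (TS 23.040)


@dataclass
class SmsDeliver:
    smsc: str          # service-centre address, digits only
    originator: str    # TP-OA, digits only
    pid: int           # TP-PID
    dcs: int           # TP-DCS
    user_data: bytes   # TP-UD, left undecoded


def _decode_semi_octets(raw: bytes, ndigits: Optional[int] = None) -> str:
    """Unpack reversed-nibble BCD digits; the 0xF nibble is padding and dropped."""
    nibbles = []
    for b in raw:
        nibbles += [b & 0x0F, b >> 4]
    if ndigits is not None:
        nibbles = nibbles[:ndigits]
    return "".join(str(n) for n in nibbles if n != 0x0F)


def _is_8bit(dcs: int) -> bool:
    """True when TP-DCS selects 8-bit user data (then TP-UDL counts bytes, not septets)."""
    group = dcs >> 4
    if group <= 0x3:                 # general data coding indication
        return (dcs & 0x0C) == 0x04
    if group == 0xF:                 # data coding / message class group
        return (dcs & 0x04) == 0x04
    return False


def _message_class(dcs: int) -> Optional[int]:
    """Message class 0-3 if TP-DCS carries one (class 2 = SIM-specific), else None."""
    group = dcs >> 4
    if group == 0xF or (group <= 0x3 and dcs & 0x10):
        return dcs & 0x03
    return None


def parse_deliver(hex_pdu: str) -> SmsDeliver:
    """Parse an SMS-DELIVER PDU given in the common 'SMSC prefix + TPDU' hex form."""
    raw = bytes.fromhex(hex_pdu)
    pos = 0
    smsc_len = raw[pos]                          # bytes of type-of-address + digits
    pos += 1
    smsc = _decode_semi_octets(raw[pos + 1:pos + smsc_len])
    pos += smsc_len
    first_octet = raw[pos]
    pos += 1
    if first_octet & 0x03 != 0x00:               # TP-MTI 00 = SMS-DELIVER
        raise ValueError("not an SMS-DELIVER PDU")
    oa_digits = raw[pos]                         # TP-OA length is in digits
    pos += 2                                     # skip length and type-of-address
    oa_len = (oa_digits + 1) // 2
    originator = _decode_semi_octets(raw[pos:pos + oa_len], oa_digits)
    pos += oa_len
    pid, dcs = raw[pos], raw[pos + 1]
    pos += 2
    pos += 7                                     # TP-SCTS timestamp, not needed here
    udl = raw[pos]
    pos += 1
    ud_len = udl if _is_8bit(dcs) else (udl * 7 + 7) // 8
    return SmsDeliver(smsc, originator, pid, dcs, raw[pos:pos + ud_len])


def classify(msg: SmsDeliver) -> str:
    """'normal' for ordinary text, 'ota-allowed'/'ota-blocked' for SIM-bound data."""
    sim_bound = msg.pid == PID_SIM_DATA_DOWNLOAD or _message_class(msg.dcs) == 2
    if not sim_bound:
        return "normal"
    return "ota-allowed" if msg.originator in OTA_ALLOWLIST else "ota-blocked"


# Constructed sample PDUs (SMSC +234803..., originator +234803..., text "hi").
BENIGN_PDU = "0891328430000000F0" "04" "0D91328430214365F7" "0000" "02011021230040" "02" "E834"
# Same headers but TP-PID 0x7F and TP-DCS 0xF6 (8-bit, class 2): SIM-bound payload.
SIM_BOUND_PDU = "0891328430000000F0" "04" "0D91328430214365F7" "7FF6" "02011021230040" "05" "0102030405"
# SIM-bound payload, but from the allow-listed OTA platform number.
PLATFORM_PDU = "0891328430000000F0" "04" "0D91328400000000F1" "7FF6" "02011021230040" "05" "0102030405"


def triage(hex_pdus):
    """Map each PDU to (originator, verdict) for review or filtering."""
    return [(m.originator, classify(m)) for m in map(parse_deliver, hex_pdus)]


if __name__ == "__main__":
    for originator, verdict in triage([BENIGN_PDU, SIM_BOUND_PDU, PLATFORM_PDU]):
        print(originator, verdict)
```

A filter like this belongs at the SMSC or SMS home-routing node, where every message to the operator's subscribers passes regardless of the originating network; it does not need to decode the SIM-toolkit payload itself, only to recognise that a payload is addressed to the SIM and did not come from the operator.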
The Signaling System 7 (SS7) vulnerability
Signaling System 7 (SS7) is a protocol suite developed in 1975 for exchanging information and routing phone calls between different wireline telecommunications companies. Because of SS7’s lack of authentication, any attacker that interconnects with the SS7 network (such as an intelligence agency, a cybercriminal purchasing SS7 access, or a surveillance firm running a fake phone company) can send commands to a subscriber’s “home network” falsely indicating that the subscriber is roaming. These commands allow the attacker to track the victim’s location, and intercept voice calls and SMS text messages. Such capabilities could also be used to intercept codes used for two-factor authentication sent via SMS. It is challenging and expensive for telecommunications operators to distinguish malicious traffic from benign behavior, making these attacks tricky to block.
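The passage says operators find it hard to separate malicious interconnect traffic from benign roaming. The simplest defensive checks an operator can run at the interconnect are plausibility rules on inbound MAP operations: a location update from another country minutes after the subscriber was seen at home, a location or identity query that has no business arriving from outside the home network, or any operation from a network with no roaming agreement. The following is an added example, not code from the article. The event format, IMSIs, country codes, partner list, travel-time threshold and the grouping of MAP operations into "home-only" are all assumptions constructed for this example (the grouping is a simplification of the kind of categorisation in the GSMA's SS7 interconnect filtering guidance).

```python
"""Plausibility checks on inbound SS7/MAP signalling to flag the
"fake roaming" pattern.  Event layout, IMSIs, country codes, the partner
list and the 2-hour threshold are constructed assumptions for this example."""
from dataclasses import dataclass
from datetime import datetime, timedelta

HOME_CC = "234"                             # Nigeria: the home network's country code
ROAMING_PARTNERS = {"44", "27"}             # constructed allow-list of roaming agreements
MIN_COUNTRY_CHANGE = timedelta(hours=2)     # assumed minimum plausible time to change country

# MAP operations that disclose location or identity and have no legitimate reason
# to arrive from another network (assumption; simplified grouping).
HOME_ONLY_OPS = {"AnyTimeInterrogation", "SendIMSI"}


@dataclass(frozen=True)
class SigEvent:
    ts: datetime
    imsi: str        # constructed subscriber identity, not a real IMSI
    op: str          # MAP operation name
    origin_cc: str   # country code derived from the sender's global title


def detect(events):
    """Return (timestamp, imsi, reason) tuples for events that fail a plausibility rule."""
    alerts = []
    last_location = {}   # imsi -> (ts, country code of the network that last registered it)
    for ev in sorted(events, key=lambda e: e.ts):
        foreign = ev.origin_cc != HOME_CC
        if foreign and ev.op in HOME_ONLY_OPS:
            alerts.append((ev.ts, ev.imsi, f"{ev.op} from external network {ev.origin_cc}"))
            continue
        if foreign and ev.origin_cc not in ROAMING_PARTNERS:
            alerts.append((ev.ts, ev.imsi, f"{ev.op} from non-partner network {ev.origin_cc}"))
            continue
        if ev.op == "UpdateLocation":
            prev = last_location.get(ev.imsi)
            if prev and prev[1] != ev.origin_cc and ev.ts - prev[0] < MIN_COUNTRY_CHANGE:
                minutes = int((ev.ts - prev[0]).total_seconds()) // 60
                alerts.append((ev.ts, ev.imsi,
                               f"UpdateLocation from {ev.origin_cc} only {minutes} min after {prev[1]}"))
            # Record the registration either way so the next update is judged against it.
            last_location[ev.imsi] = (ev.ts, ev.origin_cc)
    return alerts


# Constructed sample feed: three subscribers, one morning.
T0 = datetime(2020, 1, 15, 9, 0)
SAMPLE_EVENTS = [
    SigEvent(T0, "234010000000001", "UpdateLocation", "234"),                                # 1 registers at home
    SigEvent(T0 + timedelta(minutes=12), "234010000000001", "UpdateLocation", "44"),         # 1 "roams" 12 min later
    SigEvent(T0 + timedelta(hours=1), "234010000000002", "AnyTimeInterrogation", "44"),      # location query from abroad
    SigEvent(T0 + timedelta(hours=1, minutes=5), "234010000000002", "SendRoutingInfoForSM", "999"),  # SMS routing from non-partner
    SigEvent(T0, "234010000000003", "UpdateLocation", "234"),                                # 3 registers at home
    SigEvent(T0 + timedelta(hours=4), "234010000000003", "UpdateLocation", "27"),            # 3 genuinely travels
]


if __name__ == "__main__":
    for ts, imsi, reason in detect(SAMPLE_EVENTS):
        print(ts.isoformat(), imsi, reason)
```

The velocity rule is what separates subscriber 1 from subscriber 3: both end up registered abroad, but only one of them could physically have got there. In production the threshold would be derived per country pair, and a flagged UpdateLocation would typically be held or answered with an error rather than silently logged, since accepting it is what redirects the subscriber's calls and SMS to the attacker's network.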
The SIM card manufacturers vulnerability
The SIM card manufacturers do not disclose the source code of the operating system of the SIM cards to the GSM operators, and the SIM cards cannot be audited by any GSM operator or by the regulators to make sure that there is no backdoor implanted in them. There is a risk that a SIM card manufacturer would legitimately give the encryption keys to its home government. There is a risk that the encryption keys would be acquired illegitimately. The unfettered access to cellphones around the globe enjoyed by the SIM card manufacturers themselves was revealed in 2015, when it emerged that the American National Security Agency (NSA) and its British equivalent GCHQ had hacked into Gemalto, a Dutch SIM card manufacturer producing roughly 2 billion SIM cards a year, stealing encryption keys that allowed them to secretly monitor both voice calls and data. It is imperative to note that Gemalto is the manufacturer of the SIM cards used by MTN Nigeria.
Copyright @2020 Balmun Dazang.