Navigation

    UBports Robot Logo

    UBports Forum

    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Groups
    • Search

    SimJacker, are UbPorts's phone affected ?

    General
    5
    9
    368
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • AlainW94
      AlainW94 last edited by advocatux

      Hi everybody,

      We can found recently on the net a lot of news about SimJacker, an exploit of a vulnerability of every SIM card in 30 different country.

      It use a binary SMS to order an application download from an internal SIM browser (S@T Browser, included in a toolkit of nearly every SIM card). Once the software downloaded, it send IMEI, messages and geolocation of your phone to a server.

      As it is an exploit coming from a toolkit inside the SIM card, I'm asking the question: are we affected on ubuntu? the exploit is working fine on iphone and android.

      Here is a 4 days old article about this exploit :

      https://www.engadget.com/2019/09/14/simjacker-attack/

      Regards

      dobey advocatux 2 Replies Last reply Reply Quote 0
      • TotalSonic
        TotalSonic last edited by

        In regards to UT users in the USA - the primary providers that work with UT are T-mobile and AT&T.
        T-Mobile (which I use for my Meizu Pro 5 daily driver) released a statement that they working with their SIM vendors to verify that they are not installing or enabling the S@T Browser, and that they are monitoring and filtering the SMS messages on their server. https://pbs.twimg.com/media/EESlYaKWwAE137o.jpg:large

        AT&T stated in answer to a tech reporter's inquiry: "This is not something we use in the U.S., so we are not affected here."

        Best regards,
        Steve Berson

        AlainW94 1 Reply Last reply Reply Quote 0
        • dobey
          dobey @AlainW94 last edited by

          @AlainW94 https://forums.ubports.com/post/22862

          In short, yes, because any device which supports a SIM (including eSIM) for cellular data may be affected, as it's an extremely low level problem having to do with software running on the SIM card, which is run by the baseband modem.

          There is nothing we can do at the OS level to mitigate the attack, as it happens entirely under the operating system which runs on the phone. It works on feature phones and smart phones, as well as on IoT devices. Even your car could be affected if it has a cellular device utilizing a SIM card.

          1 Reply Last reply Reply Quote 0
          • advocatux
            advocatux @AlainW94 last edited by

            @AlainW94 hi, can you change that link for https://www.engadget.com/2019/09/14/simjacker-attack/, please? It's better to use links without referrers 😉 Thank you!

            AlainW94 1 Reply Last reply Reply Quote 0
            • AlainW94
              AlainW94 @advocatux last edited by

              @advocatux Done! Sorry.

              advocatux 1 Reply Last reply Reply Quote 0
              • AlainW94
                AlainW94 @TotalSonic last edited by AlainW94

                @TotalSonic Ok, that's good for US people but for thoses that are not living in the US ...

                I found a very interresting video from hackers talking about the SIM card applications and how to install and create Java Code for Java Card SIM at defcon 21, for those who are interrested here is the link:

                https://www.youtube.com/watch?v=31D94QOo2gY

                I suppose that if you can install software on the SIM card using SIM Alliance Loader software, you can also uninstall them ...

                Here the link on how to install a Java code on SIM card using SIM Alliance Loader v2 :

                https://www.smartjac.biz/index.php/support/main-menu?view=kb&kbartid=2

                I don't have a lot of time for now but it would be interesting to try to explore a SIM card with that software and a special low cost SIM/USB adapter.

                1 Reply Last reply Reply Quote 0
                • advocatux
                  advocatux @AlainW94 last edited by

                  @AlainW94 you left the referrer but I fixed it. Thanks anyway 🙂

                  AlainW94 1 Reply Last reply Reply Quote 0
                  • AlainW94
                    AlainW94 @advocatux last edited by

                    @advocatux Wooups .. Sorry again ... and Thanks !

                    1 Reply Last reply Reply Quote 1
                    • D
                      domubpkm last edited by

                      Simjacker security vulnerability, 3 interesting links for Francophones :

                      https://www.icrowdfr.com/2019/09/17/1b-utilisateurs-mobiles-vulnerables-a-lattaque-de-surveillance-simjacker-en-cours/

                      https://www.clubic.com/antivirus-securite-informatique/virus-hacker-piratage/actualite-869774-simjacker-faille-sim-permettrait-surveiller-quasiment.html

                      https://www.cnetfrance.fr/news/cartes-sim-faut-il-s-inquieter-de-la-faille-simjacker-s-t-browser-39890831.htm

                      1 Reply Last reply Reply Quote 0
                      • First post
                        Last post