SimJacker: are UBports phones affected?
-
Hi everybody,
Recently we can find a lot of news on the net about SimJacker, an exploit of a vulnerability of every SIM card in 30 different countries.
It uses a binary SMS to order an application download from an internal SIM browser (S@T Browser, included in a toolkit of nearly every SIM card). Once the software is downloaded, it sends the IMEI, messages and geolocation of your phone to a server.
As it is an exploit coming from a toolkit inside the SIM card, I'm asking the question: are we affected on Ubuntu? The exploit works fine on iPhone and Android.
Here is a 4-day-old article about this exploit:
https://www.engadget.com/2019/09/14/simjacker-attack/
Regards
-
In regards to UT users in the USA - the primary providers that work with UT are T-Mobile and AT&T.
T-Mobile (which I use for my Meizu Pro 5 daily driver) released a statement that they are working with their SIM vendors to verify that they are not installing or enabling the S@T Browser, and that they are monitoring and filtering the SMS messages on their server. https://pbs.twimg.com/media/EESlYaKWwAE137o.jpg:large
AT&T stated in answer to a tech reporter's inquiry: "This is not something we use in the U.S., so we are not affected here."
Best regards,
Steve Berson
-
@AlainW94 https://forums.ubports.com/post/22862
In short, yes, because any device which supports a SIM (including eSIM) for cellular data may be affected, as it's an extremely low level problem having to do with software running on the SIM card, which is run by the baseband modem.
There is nothing we can do at the OS level to mitigate the attack, as it happens entirely under the operating system which runs on the phone. It works on feature phones and smart phones, as well as on IoT devices. Even your car could be affected if it has a cellular device utilizing a SIM card.
-
@AlainW94 hi, can you change that link to https://www.engadget.com/2019/09/14/simjacker-attack/, please? It's better to use links without referrers. Thank you!
-
@advocatux Done! Sorry.
-
@TotalSonic OK, that's good for US people, but for those who are not living in the US...
I found a very interesting video from DEF CON 21 of hackers talking about SIM card applications and how to install and create Java code for Java Card SIMs. For those who are interested, here is the link:
https://www.youtube.com/watch?v=31D94QOo2gY
I suppose that if you can install software on the SIM card using the SIM Alliance Loader software, you can also uninstall it...
Here is the link on how to install Java code on a SIM card using SIM Alliance Loader v2:
https://www.smartjac.biz/index.php/support/main-menu?view=kb&kbartid=2
I don't have a lot of time for now but it would be interesting to try to explore a SIM card with that software and a special low cost SIM/USB adapter.
-
@AlainW94 you left the referrer but I fixed it. Thanks anyway.
-
@advocatux Whoops... Sorry again... and thanks!
-
Simjacker security vulnerability, 3 interesting links for Francophones: