“Simjacker” has recently been grabbing many telecom and security related headlines, and for good reason. When Adaptive Mobile Security announced last week that they’d uncovered a SIM based attack, which they named Simjacker, it highlighted a type of vulnerability that’s been a growing threat to telecom network security for some time.
Although the name Simjacker is new, and when mentioned alongside words like ‘espionage’ and ‘state surveillance’ is headline-grabbing, this type of ‘next generation’ threat is not entirely unusual. It represents an attack that is more complex, one that falls outside the standard category of attacks defined by the GSMA. It’s a type of attack that we at Sinch, together with other security experts, have been highlighting for some time and we welcome AdaptiveMobile joining the community of researchers focused on next generation signaling threats.
Simjacker attacks take place via a series of SMS messages sent to the victim’s phone number, which contain hidden SIM Toolkit (STK) instructions. STK instructions are an old technology that was historically used by operators to push updates and trigger various value added services, but in the case of Simjacker attacks they’re used to instruct devices to share location and other sensitive data, without the victim’s knowledge. Since the attack is SIM based, the threat is not limited to mobile handsets, but can also affect billions of SIM enabled IoT devices, with the potential to cause widespread disruption.
At the Troopers Security conference and in our Signaling Security webinar last year, we highlighted Root Canal, a similar type of threat where inherent vulnerabilities in the SS7 global telephony protocol can be exploited. Like Simjacker, this threat can also be used to access sensitive subscriber information, like location, and can be used to intercept messages and calls, as well as eavesdrop on conversations and even crash the whole network.
While it’s alarming that we’re now seeing examples of these vulnerabilities being exploited outside of test environments, and indeed allegedly by state players and private companies, the silver lining is that these types of attacks are finally being highlighted and getting the attention they deserve. It’s encouraging that more and more operators are being spurred into action to provide safer networks for their customers, and to secure their networks as a result of the attention these attacks are receiving.
How to protect your network against Simjacker (and other threats)
The good news is that there are solutions available to protect your network against Simjacker and other next generation threats. A Signaling Firewall complemented by an SMS Firewall with a deep filtering capability is still the best form of defense against attacks on your network and your subscribers. Read our Signaling Threats: SS7 and Beyond whitepaper to learn more about the risks that exist in mobile networks, and how the global mobile network can be made safer for both operators and subscribers.
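To make the idea of deep SMS filtering concrete, the following added example (not from the original article and not any vendor's implementation) inspects the header fields of an SMS-DELIVER TPDU that mark a message as addressed to the SIM rather than the user, which is how STK instructions travel. The field values follow 3GPP TS 23.040; the function names and the sample TPDUs are constructed for illustration.

```python
# Added example (not from the original article). Field layout per 3GPP TS 23.040.
PID_SIM_DATA_DOWNLOAD = 0x7F            # TP-PID value for (U)SIM data download
STK_SECURITY_IEIS = range(0x70, 0x80)   # UDH element ids for SIM Toolkit security headers

def message_class(dcs):
    """Return the message class (0-3) carried in TP-DCS, or None if it has none."""
    if dcs & 0xC0 == 0x00 and dcs & 0x10:   # general data coding, class bits valid
        return dcs & 0x03
    if dcs & 0xF0 == 0xF0:                  # data coding / message class group
        return dcs & 0x03
    return None

def udh_element_ids(ud):
    """List the information element ids in a user data header."""
    udh, ids, i = ud[1:1 + ud[0]], [], 0
    while i + 2 <= len(udh):
        ids.append(udh[i])
        i += 2 + udh[i + 1]                 # skip id, length and element data
    return ids

def sim_targeting_reasons(hex_tpdu):
    """Return the reasons an SMS-DELIVER TPDU is addressed to the SIM, if any."""
    t = bytes.fromhex(hex_tpdu)
    if t[0] & 0x03 != 0x00:
        raise ValueError("not an SMS-DELIVER TPDU")
    pos = 3 + (t[1] + 1) // 2               # skip TP-OA (length counts digits)
    pid, dcs, ud = t[pos], t[pos + 1], t[pos + 10:]   # +10 skips TP-SCTS and TP-UDL
    ids = udh_element_ids(ud) if (t[0] & 0x40 and ud) else []
    reasons = []
    if pid == PID_SIM_DATA_DOWNLOAD:
        reasons.append("TP-PID is SIM data download")
    if message_class(dcs) == 2:
        reasons.append("message class 2 (SIM-specific)")
    if any(i in STK_SECURITY_IEIS for i in ids):
        reasons.append("SIM Toolkit security header in UDH")
    return reasons

# Constructed TPDUs: sender +15555550100, timestamp 2019-09-12, placeholder payloads.
OA, SCTS = "0B91" + "5155550501F0", "91902121000000"
SAMPLES = {
    "text":   "04" + OA + "00" + "00" + SCTS + "02" + "E834",
    "concat": "44" + OA + "00" + "04" + SCTS + "08" + "050003010201" + "6869",
    "sim_dl": "44" + OA + "7F" + "F6" + SCTS + "07" + "027000" + "00000000",
}

if __name__ == "__main__":
    for name, tpdu in SAMPLES.items():
        print(name, sim_targeting_reasons(tpdu) or "no SIM-targeting fields")
```

Because operators use the same message type for their own updates, a match here is an input to policy (for example, which originators are allowed to send such messages, an assumption not covered in the article) and not a verdict in itself.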