Simjacker SMS attack evolution and Binary SMS Messaging Security

The Simjacker SMS attack against a SIM Card application showed how surveillance companies are using messaging techniques maliciously against mobile devices. In this talk we show how the Simjacker attackers has reacted since they were exposed. We also detail the existence of other potentially vulnerable SIM Card applications, as well as exploring the wider world of binary SMS messaging, and how it could be secured.

The announcement of the Simjacker vulnerability, and its active exploitation by surveillance companies in several countries, shined a light on a previously little discussed and overlooked attack vector, that is: the use of text messages to execute malicious functionality on mobile devices. In this particular case, by targeting the SIM card on the mobile device directly. However, while information shared with mobile operators has allowed them to review and update their SMS and SS7 defences, the attackers has also not been stationary, and have reacted to these updated defences. Also, a wider analysis has revealed that other SIM Card applications have characteristics that means they may also be vulnerable to attacks via SMS.
In this presentation we will first cover several aspects of the Simjacker attacks, including a brief overview of the Simjacker attack, how it is possible, and the scale of devices that were vulnerable. We will also show where the attackers were active, and how attackers bypassed existing mobile messaging and signalling defences in place We will then give the outcome of new research since our initial release. We will show how the attackers have evolved their attacks since the initial public release of the existence of the exploit, and what this means for mobile operators. We will then go further and provide a view of other SIM Card applications in use today worldwide, which may be vulnerable to attackers, as well as viewpoint on the wider world of binary messaging. Finally, we will give recommendations on detecting and blocking not just Simjacker type attacks, but other types of mobile messaging attacks.

About the Speaker