Uploaded byPositiveTechnologies
856 views

Simjacker: how to protect your network from the latest hot vulnerability

Simjacker is a vulnerability that allows hackers to exploit SMS commands to gain control of mobile devices. The document discusses: 1. The history of STK and how it allows SMS-based menus and commands to be sent to SIM cards, including sending location data and making calls. 2. How the Simjacker vulnerability works by sending SMS commands from an unauthorized number or platform to exploit the STK functionality. 3. Recommendations for networks to protect against Simjacker like prohibiting direct STK SMS messages and continually monitoring and assessing networks for vulnerabilities.

Embed presentation

Downloaded 44 times
Simjacker: how to protect your network from the latest hot vulnerability Sergey Puzankov Lead Security Researcher |
Ongoing security research Responsible disclosure – responsible attitude 2014 Signaling System 7 (SS7) security report 2014 Vulnerabilities of mobile Internet (GPRS) 2016 Primary security threats to SS7 cellular networks 2017 Threats to packet core security of 4G network 2017 Next-generation networks, next-level cybersecurity problems (Diameter vulnerabilities) 2018 SS7 Vulnerabilities and Attack Exposure Report 2018 Diameter Vulnerabilities Exposure Report 2019 5G security issues
Simjacker publications
V V V History of the technology VSIM Application Toolkit (STK) implements an SMS-based menu STK menus customized by MNOs SIM card providers try to unify their solutions: S@T Browser is just one of the unifications Typical STK operations:  Send location data  Send an SMS to a particular number  Make a call  Initiate a packet data session  Send internal IDs  Beep loudspeaker
History of the vulnerability https://www.theregister.co.uk/2013/09/23/white_hat_sim_hacker_disillusioned_and_dismayed_by_operator_response/ https://securityaffairs.co/wordpress/31663/hacking/hacking-4g-usb-modems.html V 2013 V 2014 V 2019
Short message service SMS-CMSC MSC SS7 STK platformSMS router SMS-CSTP VAS providers
Simjacker malefactor SMS-CMSC MSC SS7 STK platformSMS router SMS-CSTP VAS providers
Mitigation SMS-CMSC MSC SS7 STK platformSMS router SMS-CSTP VAS providers Prohibit P2P STK SMS messages Prohibit STK SMS messages from unauthorized platforms SMS-C Prohibit STK SMS messages from external connections to home subscribers SMS router
Mitigation VMT SMS message with SIM STK command VMO SMS message with SIM STK command
Advanced hacker SMS-CMSC MSC SS7 STK platformSMS router SMS-CSTP VAS providers
Assess your network SMS-CMSC MSC SS7 STK platformSMS router SMS-CSTP VAS providers ? ?
Assessment statistics 2017 2018 2019
Protect SMS-CMSC MSC SS7 STK platformSMS router SMS-CSTP VAS providers
Add monitoring SMS-CMSC MSC SS7 STK platformSMS router SMS-CSTP VAS providers TAD TAD
Assess Monitor Protect Auditing provides the essential visibility to fully understand your ever changing network risks. Continual real time monitoring is essential to measure network security efficiency and provide rapid detection and mitigation. Completely secure your network by addressing both generic vulnerabilities (GSMA) and the threats that actually effect you as an ongoing process. Delivering Signalling Security With Positive Technologies
Scheme of the demo MSC SS7 STK platformSMS router SMS-CSTP
Thank you

More Related Content

PDF
Creating a fuzzer for telecom protocol 4G LTE case study
byPositiveTechnologies
 
PDF
SS7 Vulnerabilities
byPositiveTechnologies
 
PDF
Telecom Security in the Era of 5G and IoT
byPositiveTechnologies
 
PPT
SOC presentation- Building a Security Operations Center
byMichael Nickle
 
PPTX
Snort
byFadwa Gmiden
 
PDF
Attacks you can't combat: vulnerabilities of most robust MNOs
byPositiveTechnologies
 
PDF
Mobile signaling threats and vulnerabilities - real cases and statistics from...
byDefCamp
 
PPTX
SOC Fundamental Roles & Skills
byHarry McLaren
 
Creating a fuzzer for telecom protocol 4G LTE case study
byPositiveTechnologies
 
SS7 Vulnerabilities
byPositiveTechnologies
 
Telecom Security in the Era of 5G and IoT
byPositiveTechnologies
 
SOC presentation- Building a Security Operations Center
byMichael Nickle
 
Snort
byFadwa Gmiden
 
Attacks you can't combat: vulnerabilities of most robust MNOs
byPositiveTechnologies
 
Mobile signaling threats and vulnerabilities - real cases and statistics from...
byDefCamp
 
SOC Fundamental Roles & Skills
byHarry McLaren
 

What's hot

PDF
VoLTE Interfaces , Protocols & IMS Stack
byVikas Shokeen
 
PDF
Telecom security from ss7 to all ip all-open-v3-zeronights
byP1Security
 
PPTX
Effective Security Operation Center - present by Reza Adineh
byReZa AdineH
 
PPTX
Splunk
byDeep Mehta
 
PDF
Positive approach to security of Core networks
byPositiveTechnologies
 
PDF
LTE protocol exploits – IMSI catchers, blocking devices and location leaks - ...
byEC-Council
 
PPTX
An introduction to SOC (Security Operation Center)
byAhmad Haghighi
 
PPT
Sip Detailed , Call flows , Architecture descriptions , SIP services , sip se...
byALTANAI BISHT
 
PPTX
Critical Capabilities for MDR Services - What to Know Before You Buy
byFidelis Cybersecurity
 
PPTX
cyber security presentation.pptx
bykishore golla
 
PDF
Soc analyst course content v3
byShivamSharma909
 
PPTX
Security Operation Center Fundamental
byAmir Hossein Zargaran
 
PDF
Assaulting diameter IPX network
byAlexandre De Oliveira
 
PDF
PaloAlto Enterprise Security Solution
byPrime Infoserv
 
PPTX
SS7: the bad neighbor you're stuck with during the 5G migration and far beyond
byPositiveTechnologies
 
PPTX
security onion
byBoni Yeamin
 
PDF
Philippe Langlois - Hacking HLR HSS and MME core network elements
byP1Security
 
PDF
Presentation cisco iron port email & web security
byxKinAnx
 
PPTX
SOC and SIEM.pptx
bySandeshUprety4
 
PDF
Nmap Basics
byamiable_indian
 
VoLTE Interfaces , Protocols & IMS Stack
byVikas Shokeen
 
Telecom security from ss7 to all ip all-open-v3-zeronights
byP1Security
 
Effective Security Operation Center - present by Reza Adineh
byReZa AdineH
 
Splunk
byDeep Mehta
 
Positive approach to security of Core networks
byPositiveTechnologies
 
LTE protocol exploits – IMSI catchers, blocking devices and location leaks - ...
byEC-Council
 
An introduction to SOC (Security Operation Center)
byAhmad Haghighi
 
Sip Detailed , Call flows , Architecture descriptions , SIP services , sip se...
byALTANAI BISHT
 
Critical Capabilities for MDR Services - What to Know Before You Buy
byFidelis Cybersecurity
 
cyber security presentation.pptx
bykishore golla
 
Soc analyst course content v3
byShivamSharma909
 
Security Operation Center Fundamental
byAmir Hossein Zargaran
 
Assaulting diameter IPX network
byAlexandre De Oliveira
 
PaloAlto Enterprise Security Solution
byPrime Infoserv
 
SS7: the bad neighbor you're stuck with during the 5G migration and far beyond
byPositiveTechnologies
 
security onion
byBoni Yeamin
 
Philippe Langlois - Hacking HLR HSS and MME core network elements
byP1Security
 
Presentation cisco iron port email & web security
byxKinAnx
 
SOC and SIEM.pptx
bySandeshUprety4
 
Nmap Basics
byamiable_indian
 

More from PositiveTechnologies

PPTX
Telecom incidents investigation: daily work behind the scenes
byPositiveTechnologies
 
PPTX
5G SA security: a comprehensive overview of threats, vulnerabilities and rem...
byPositiveTechnologies
 
PPTX
Security course: exclusive 5G SA pitfalls and new changes to legislation
byPositiveTechnologies
 
PPTX
Telecom under attack: demo of fraud scenarios and countermeasures
byPositiveTechnologies
 
PPTX
Migrating mobile networks to 5 g a smooth and secure approach 01.10.20
byPositiveTechnologies
 
PPTX
5G mission diary: Houston, we have a problem
byPositiveTechnologies
 
PPTX
Cybersecurity & Fraud Mitigation in Telcos
byPositiveTechnologies
 
PDF
SS7: 2G/3G's weakest link
byPositiveTechnologies
 
PDF
On the verge of fraud
byPositiveTechnologies
 
PDF
Signaling security essentials. Ready, steady, 5G!
byPositiveTechnologies
 
Telecom incidents investigation: daily work behind the scenes
byPositiveTechnologies
 
5G SA security: a comprehensive overview of threats, vulnerabilities and rem...
byPositiveTechnologies
 
Security course: exclusive 5G SA pitfalls and new changes to legislation
byPositiveTechnologies
 
Telecom under attack: demo of fraud scenarios and countermeasures
byPositiveTechnologies
 
Migrating mobile networks to 5 g a smooth and secure approach 01.10.20
byPositiveTechnologies
 
5G mission diary: Houston, we have a problem
byPositiveTechnologies
 
Cybersecurity & Fraud Mitigation in Telcos
byPositiveTechnologies
 
SS7: 2G/3G's weakest link
byPositiveTechnologies
 
On the verge of fraud
byPositiveTechnologies
 
Signaling security essentials. Ready, steady, 5G!
byPositiveTechnologies
 

Recently uploaded

PPTX
cybercrime in Information security .pptx
byismaeelsahib032
 
PDF
TrustArc Webinar - Looking Ahead: The 2026 Privacy Landscape
byTrustArc
 
PDF
Is It Possible to Have Wi-Fi Without an Internet Provider
bySidra Jefferi
 
PDF
Eredità digitale sugli smartphone: cosa resta di noi nei dispositivi mobili
bySpeck&Tech
 
DOCX
Introduction to the World of Computers (Hardware & Software)
byALIABBAS ABASOV
 
PDF
Digit Expo 2025 - EICC Edinburgh 27th November
byRay Bugg
 
PDF
Six Shifts For 2026 (And The Next Six Years)
byDavid Armano
 
PPTX
wob-report.pptxwob-report.pptxwob-report.pptx
byssuser0d171c
 
PPTX
AI's Impact on Cybersecurity - Challenges and Opportunities
byYasir Naveed Riaz
 
PDF
GPUS and How to Program Them by Manya Bansal
byScyllaDB
 
PPTX
From Backup to Resilience: How MSPs Are Preparing for 2026
byMSP360
 
PPTX
Data Privacy and Protection: Safeguarding Information in a Connected World
byYasir Naveed Riaz
 
PDF
The year in review - MarvelClient in 2025
bypanagenda
 
PDF
December Patch Tuesday
byIvanti
 
PDF
ElyriaSoftware — Powering the Future with Blockchain Innovation
byElyria Software
 
PDF
Day 1 - Cloud Security Strategy and Planning ~ 2nd Sight Lab ~ Cloud Security...
by2nd Sight Lab
 
PDF
Internet_of_Things_IoT_for_Next_Generation_Smart_Systems_Utilizing.pdf
byRoshanSyed12
 
PPTX
THIS IS CYBER SECURITY NOTES USED IN CLASS ON VARIOUS TOPICS USED IN CYBERSEC...
byMelissaGblinwon
 
PPTX
Software Analysis &Design ethiopia chap-2.pptx
byAbbas484771
 
PDF
Usage Control for Process Discovery through a Trusted Execution Environment
byValerioGoretti
 
cybercrime in Information security .pptx
byismaeelsahib032
 
TrustArc Webinar - Looking Ahead: The 2026 Privacy Landscape
byTrustArc
 
Is It Possible to Have Wi-Fi Without an Internet Provider
bySidra Jefferi
 
Eredità digitale sugli smartphone: cosa resta di noi nei dispositivi mobili
bySpeck&Tech
 
Introduction to the World of Computers (Hardware & Software)
byALIABBAS ABASOV
 
Digit Expo 2025 - EICC Edinburgh 27th November
byRay Bugg
 
Six Shifts For 2026 (And The Next Six Years)
byDavid Armano
 
wob-report.pptxwob-report.pptxwob-report.pptx
byssuser0d171c
 
AI's Impact on Cybersecurity - Challenges and Opportunities
byYasir Naveed Riaz
 
GPUS and How to Program Them by Manya Bansal
byScyllaDB
 
From Backup to Resilience: How MSPs Are Preparing for 2026
byMSP360
 
Data Privacy and Protection: Safeguarding Information in a Connected World
byYasir Naveed Riaz
 
The year in review - MarvelClient in 2025
bypanagenda
 
December Patch Tuesday
byIvanti
 
ElyriaSoftware — Powering the Future with Blockchain Innovation
byElyria Software
 
Day 1 - Cloud Security Strategy and Planning ~ 2nd Sight Lab ~ Cloud Security...
by2nd Sight Lab
 
Internet_of_Things_IoT_for_Next_Generation_Smart_Systems_Utilizing.pdf
byRoshanSyed12
 
THIS IS CYBER SECURITY NOTES USED IN CLASS ON VARIOUS TOPICS USED IN CYBERSEC...
byMelissaGblinwon
 
Software Analysis &Design ethiopia chap-2.pptx
byAbbas484771
 
Usage Control for Process Discovery through a Trusted Execution Environment
byValerioGoretti
 

Simjacker: how to protect your network from the latest hot vulnerability